// For flags

CVE-2009-3106

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application.

El componente Servlet Engine/Web Container en IBM WebSphere Application Server (WAS) v6.0.2 anterior a v6.0.2.37, no implementa adecuadamente las restricciones de seguridad sobre los métodos (1) doGet y (2) doTrace, lo que permite a atacantes remotos evitar las restricciones de acceso intencionadas y obtener información sensible a través de una petición de cabecera (HEAD) HTTP a la Aplicación Web.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-09-08 CVE Reserved
  • 2009-09-08 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2"
fp17
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.1
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.1"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.2
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.2"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.3
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.3"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.4
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.4"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.5
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.5"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.6
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.6"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.7
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.7"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.8
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.8"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.9
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.9"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.10
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.10"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.11
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.11"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.12
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.12"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.13
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.13"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.14
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.14"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.15
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.15"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.16
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.16"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.17
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.17"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.18
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.18"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.19
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.19"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.20
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.20"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.21
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.21"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.22
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.22"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.23
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.23"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.24
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.24"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.25
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.25"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.27
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.27"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.28
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.28"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.29
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.29"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.30
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.30"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.31
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.31"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.32
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.32"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.33
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.33"
-
Affected
Ibm
Search vendor "Ibm"
Websphere Application Server
Search vendor "Ibm" for product "Websphere Application Server"
6.0.2.35
Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.35"
-
Affected