CVE-2005-3498

IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

Information

Published : 2005-11-03 16:02

Updated : 2018-09-26 08:30


NVD link : CVE-2005-3498

Mitre link : CVE-2005-3498


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

ibm

  • websphere_application_server