CVE-2008-0740

medium

Description

IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this file.

References

http://www.vupen.com/english/advisories/2008/0241

http://www.securityfocus.com/bid/27400

http://www-1.ibm.com/support/docview.wss?uid=swg27007951

http://www-1.ibm.com/support/docview.wss?uid=swg27006876

http://www-1.ibm.com/support/docview.wss?uid=swg1PK48785

http://osvdb.org/42878

Details

Source: Mitre, NVD

Published: 2008-02-13

Updated: 2011-03-08

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium