CVE-2005-0425

high

Description

Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine.

References

http://www-1.ibm.com/support/docview.wss?uid=swg24008815

http://www-1.ibm.com/support/docview.wss?uid=swg24008814

http://secunia.com/advisories/14274

Details

Source: Mitre, NVD

Published: 2005-05-02

Updated: 2008-09-05

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High