CVE-2009-1898

Medium

Description

The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/51170

http://www.vupen.com/english/advisories/2009/1464

http://www.securityfocus.com/bid/35405

http://www-1.ibm.com/support/docview.wss?uid=swg1PK77010

http://www-01.ibm.com/support/docview.wss?uid=swg27006876

http://secunia.com/advisories/35301

Details

Source: Mitre, NVD

Published: 2009-06-03

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium