CVE-2005-4833

IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format.

Published: Dec 31, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-4833
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ibm / websphere_application_server	6.0	6.0.x

http://osvdb.org/34177
http://secunia.com/advisories/24478
http://www-1.ibm.com/support/docview.wss?uid=swg21243541
http://www-1.ibm.com/support/docview.wss?uid=swg24008815
http://www.securityfocus.com/bid/22991
http://www.vupen.com/english/advisories/2007/0970

Vulnerability Database

289,697

CVE-2005-4833