CVE-2006-4223

IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.

Published: Aug 18, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-4223
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
ibm / websphere_application_server	6.0.2.1	6.0.2.1.x
ibm / websphere_application_server	6.0.2.5	6.0.2.5.x
ibm / websphere_application_server	6.0.2.9	6.0.2.9.x
ibm / websphere_application_server	6.0.2	6.0.2.x
ibm / websphere_application_server	6.0.2.7	6.0.2.7.x
ibm / websphere_application_server	6.0.2.3	6.0.2.3.x
ibm / websphere_application_server	-	6.0.2.11.x

Vulnerability Database

289,697

CVE-2006-4223