CVE-2007-3397

The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information.

Published: Jun 26, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-3397
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ibm / websphere_application_server	6.0.2.1	6.0.2.1.x
ibm / websphere_application_server	6.0.2.5	6.0.2.5.x
ibm / websphere_application_server	6.1.0.2	6.1.0.2.x
ibm / websphere_application_server	6.0.2.13	6.0.2.13.x
ibm / websphere_application_server	6.0.2.9	6.0.2.9.x
ibm / websphere_application_server	6.0.2.11	6.0.2.11.x
ibm / websphere_application_server	6.0.2.6	6.0.2.6.x
ibm / websphere_application_server	6.0.2.2	6.0.2.2.x
ibm / websphere_application_server	6.0.2	6.0.2.x
ibm / websphere_application_server	6.0.2.15	6.0.2.15.x
ibm / websphere_application_server	6.0.2.4	6.0.2.4.x
ibm / websphere_application_server	6.0.2.17	6.0.2.17.x
ibm / websphere_application_server	6.1.0.1	6.1.0.1.x
ibm / websphere_application_server	6.0.2.7	6.0.2.7.x
ibm / websphere_application_server	6.1.0.7	6.1.0.7.x
ibm / websphere_application_server	6.1.0.3	6.1.0.3.x
ibm / websphere_application_server	6.0.2.3	6.0.2.3.x
ibm / websphere_application_server	6.0.2.19	6.0.2.19.x
ibm / websphere_application_server	6.1.0	6.1.0.x
ibm / websphere_application_server	6.1.0.5	6.1.0.5.x

Vulnerability Database

289,697

CVE-2007-3397