CVE-2006-4223

{"id": "CVE-2006-4223", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-08-18T20:04:00.000", "references": [{"url": "http://secunia.com/advisories/21487", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24478", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213", "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541", "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013827", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22991", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3281", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0970", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to \"JSP source code exposure\" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137."}, {"lang": "es", "value": "IBM WebSphere Application Server anterior a 6.0.2.13 permiet a atacantes locales o remotos (dependiendo del contexto) obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados relacionados con (1) \"exposici\u00f3n de c\u00f3digo fuente JSTP\" (PK23475), (2) el archivo de registro de la Captura de Datos del Primer Fallo (First Failure Data Capture)(ffdc)(PK24834), y (3) trazas (PK25568), un problema distinto de CVE-2006-4137."}], "lastModified": "2011-03-07T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1ABF32A6-E46F-4F34-A683-F9D90AD010DC", "versionEndIncluding": "6.0.2.11"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "714C405D-1E8F-45C1-8A09-5103F0080C76"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7F31FD3-8681-4F07-9644-5CC87D512520"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "458BAD79-958E-4665-B1F8-0D46E0C57045"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC1A723F-D685-4FE5-8938-5682A2D02155"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9643B593-DADF-4F57-B41E-541C7F554A4C"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "521DB050-3C94-49BF-8666-6EC2C358AA27"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}