NVD

Id
49976  
Name
CVE-2009-2743  
Description
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file.  
Reject
 
CVSS Version
2  
CVSS Score
2.1  
Severity
Low  
CVSS Base Score
2.1  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-07  
Published
2009-09-21  
Modified Date
2010-12-30  
Seq
2009-2743  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
252917 49976 CVE-2009-2743 http://www-01.ibm.com/support/docview.wss?uid=swg27007951  View
252918 49976 CVE-2009-2743 http://www-01.ibm.com/support/docview.wss?uid=swg27014463  View
252919 49976 CVE-2009-2743 ADV-2009-2721  View
252920 49976 CVE-2009-2743 was-wsadmin-jaasj2c-information-disclosure(53343)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
41176 JVNDB-2009-002183 IBM WebSphere Application Server における重要な情報を取得される脆弱性 IBM WebSphere Application Server (WAS) には、wsadmin スクリプトの使用および JAAS-J2C 認証データの設定により発生する例外を適切に処理しないため、First Failure Data Capture (FFDC) ログファイルを閲覧されることにより重要な情報を取得される脆弱性が存在します。 CVE-2009-2743 40174 CVE-2009-2743 49976 2.1 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002183.html 2009-09-21 2009-12-25 View