CVE-2010-1650

Properties

Published:
02.05.2010
Updated:
20.05.2010
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:L/AC:M/Au:N/C:P/I:N/A:N)
    Product:
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server
    ibm: websphere_application_server

    Vulnerability description

    IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output.

    References:

    AIXAPAR: http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
    XF: http://xforce.iss.net/xforce/xfdb/58323
    VUPEN: http://www.vupen.com/english/advisories/2010/0994
    AIXAPAR: http://www-01.ibm.com/support/docview.wss?uid=swg1PM06839
    SECUNIA: http://secunia.com/advisories/39628