CVE-2010-1651

Properties

Published: 02.05.2010
Updated: 22.06.2010
Patch available:
Severity: Low
CVSS vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Product: ibm: websphere_application_server

Vulnerability description

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log.

References:

AIXAPAR: http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
XF: http://xforce.iss.net/xforce/xfdb/58324
VUPEN: http://www.vupen.com/english/advisories/2010/1411
OSVDB: http://www.osvdb.org/65437
AIXAPAR: http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829
AIXAPAR: http://www-01.ibm.com/support/docview.wss?uid=swg1PM08892
SECUNIA: http://secunia.com/advisories/40096
SECUNIA: http://secunia.com/advisories/39628