CVE-2009-0434: Infoleak
First published: Tue Feb 10 2009(Updated: )
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.21 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.19 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.28 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.14 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.20 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.24 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.30 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.29 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.23 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.27 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.16 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.22 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.10 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.18 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.19 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.25 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.12 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.31 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www-01.ibm.com/support/docview.wss?uid=swg27006876
- http://www-01.ibm.com/support/docview.wss?uid=swg27007951
- http://www-01.ibm.com/support/docview.wss?uid=swg27014463
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK63886
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK79230
- http://www.securityfocus.com/bid/33700
- http://www.vupen.com/english/advisories/2009/0423
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48524
Frequently Asked Questions
What is the severity of CVE-2009-0434?
CVE-2009-0434 has a severity rating that indicates significant risk due to the exposure of sensitive information.
How do I fix CVE-2009-0434?
To fix CVE-2009-0434, upgrade to the latest version of IBM WebSphere Application Server that is not affected by this vulnerability.
Who is affected by CVE-2009-0434?
CVE-2009-0434 affects local users of IBM WebSphere Application Server versions 6.0.x, 6.1.x, and 7.0.x prior to specific patch levels.
What type of information can be exposed in CVE-2009-0434?
CVE-2009-0434 allows local users to obtain sensitive information from the Performance Monitoring Infrastructure when enabled.
Is there a workaround for CVE-2009-0434?
A workaround for CVE-2009-0434 involves disabling Performance Monitoring Infrastructure if upgrading is not immediately possible.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/severity
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm websphere application server feature pack for web services
- version/ibm websphere application server feature pack for web services/6.1.0.21
- version/ibm websphere application server feature pack for web services/6.1
- version/ibm websphere application server feature pack for web services/6.1.0.19
- version/ibm websphere application server feature pack for web services/6.0.2.1
- version/ibm websphere application server feature pack for web services/6.0.2.5
- version/ibm websphere application server feature pack for web services/6.0.0.3
- version/ibm websphere application server feature pack for web services/6.1.0.2
- version/ibm websphere application server feature pack for web services/6.0.1.15
- version/ibm websphere application server feature pack for web services/6.0.1.3
- version/ibm websphere application server feature pack for web services/6.0.2.13
- version/ibm websphere application server feature pack for web services/6.1.0.11
- version/ibm websphere application server feature pack for web services/6.0.2.9
- version/ibm websphere application server feature pack for web services/6.0.1.11
- version/ibm websphere application server feature pack for web services/7.0
- version/ibm websphere application server feature pack for web services/6.0.2.28
- version/ibm websphere application server feature pack for web services/6.1.0.14
- version/ibm websphere application server feature pack for web services/6.0.2.11
- version/ibm websphere application server feature pack for web services/6.0.2.6
- version/ibm websphere application server feature pack for web services/6.1.0.20
- version/ibm websphere application server feature pack for web services/6.0.2.2
- version/ibm websphere application server feature pack for web services/6.0.2
- version/ibm websphere application server feature pack for web services/6.0.2.24
- version/ibm websphere application server feature pack for web services/6.0.1.9
- version/ibm websphere application server feature pack for web services/6.0.1.17
- version/ibm websphere application server feature pack for web services/6.0.2.15
- version/ibm websphere application server feature pack for web services/6.0.2.4
- version/ibm websphere application server feature pack for web services/6.0.2.17
- version/ibm websphere application server feature pack for web services/6.0.1.2
- version/ibm websphere application server feature pack for web services/6.0.0.1
- version/ibm websphere application server feature pack for web services/6.0.2.30
- version/ibm websphere application server feature pack for web services/6.1.0.0
- version/ibm websphere application server feature pack for web services/6.1.0.1
- version/ibm websphere application server feature pack for web services/6.0.2.29
- version/ibm websphere application server feature pack for web services/6.0.2.23
- version/ibm websphere application server feature pack for web services/6.0.1
- version/ibm websphere application server feature pack for web services/6.0.2.7
- version/ibm websphere application server feature pack for web services/6.0.0.2
- version/ibm websphere application server feature pack for web services/6.0.2.27
- version/ibm websphere application server feature pack for web services/6.1.0.17
- version/ibm websphere application server feature pack for web services/6.1.0.13
- version/ibm websphere application server feature pack for web services/6.1.0.16
- version/ibm websphere application server feature pack for web services/6.0.2.22
- version/ibm websphere application server feature pack for web services/6.0.1.5
- version/ibm websphere application server feature pack for web services/6.1.0.10
- version/ibm websphere application server feature pack for web services/6.0.1.7
- version/ibm websphere application server feature pack for web services/6.0
- version/ibm websphere application server feature pack for web services/6.1.0.15
- version/ibm websphere application server feature pack for web services/6.0.2.3
- version/ibm websphere application server feature pack for web services/6.1.0.18
- version/ibm websphere application server feature pack for web services/6.0.2.19
- version/ibm websphere application server feature pack for web services/6.0.1.1
- version/ibm websphere application server feature pack for web services/6.0.2.25
- version/ibm websphere application server feature pack for web services/6.1.0
- version/ibm websphere application server feature pack for web services/6.0.1.13
- version/ibm websphere application server feature pack for web services/6.1.0.12
- version/ibm websphere application server feature pack for web services/6.0.2.31