CVE-2011-1310: Infoleak

First published: Tue Mar 08 2011(Updated: )

The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Ibm Websphere Application Server	=6.1.0.21
Ibm Websphere Application Server	=6.1.0.31
Ibm Websphere Application Server	=6.1.0.19
Ibm Websphere Application Server	=6.1.0.2
Ibm Websphere Application Server	=6.1.0.33
Ibm Websphere Application Server	=6.1.0.25
Ibm Websphere Application Server	=6.1.0.11
Ibm Websphere Application Server	=6.1.0.9
Ibm Websphere Application Server	=6.1.0.0
Ibm Websphere Application Server	=6.1.0.1
Ibm Websphere Application Server	=6.1.0.27
Ibm Websphere Application Server	=6.1.0.29
Ibm Websphere Application Server	=6.1.0.7
Ibm Websphere Application Server	=6.1.0.3
Ibm Websphere Application Server	=6.1.0.17
Ibm Websphere Application Server	=6.1.0.15
Ibm Websphere Application Server	=6.1.0.23
Ibm Websphere Application Server	=6.1.0
Ibm Websphere Application Server	=6.1.0.5
Ibm Websphere Application Server	=6.1.0.12
Ibm Websphere Application Server	=7.0.0.2
Ibm Websphere Application Server	=7.0.0.5
Ibm Websphere Application Server	=7.0.0.9
Ibm Websphere Application Server	=7.0.0.4
Ibm Websphere Application Server	=7.0.0.11
Ibm Websphere Application Server	=7.0
Ibm Websphere Application Server	=7.0.0.8
Ibm Websphere Application Server	=7.0.0.6
Ibm Websphere Application Server	=7.0.0.7
Ibm Websphere Application Server	=7.0.0.13
Ibm Websphere Application Server	=7.0.0.3
Ibm Websphere Application Server	=7.0.0.1

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/description
agent/type
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/ibm
canonical/ibm websphere application server
version/ibm websphere application server/6.1.0.21
version/ibm websphere application server/6.1.0.31
version/ibm websphere application server/6.1.0.19
version/ibm websphere application server/6.1.0.2
version/ibm websphere application server/6.1.0.33
version/ibm websphere application server/6.1.0.25
version/ibm websphere application server/6.1.0.11
version/ibm websphere application server/6.1.0.9
version/ibm websphere application server/6.1.0.0
version/ibm websphere application server/6.1.0.1
version/ibm websphere application server/6.1.0.27
version/ibm websphere application server/6.1.0.29
version/ibm websphere application server/6.1.0.7
version/ibm websphere application server/6.1.0.3
version/ibm websphere application server/6.1.0.17
version/ibm websphere application server/6.1.0.15
version/ibm websphere application server/6.1.0.23
version/ibm websphere application server/6.1.0
version/ibm websphere application server/6.1.0.5
version/ibm websphere application server/6.1.0.12
version/ibm websphere application server/7.0.0.2
version/ibm websphere application server/7.0.0.5
version/ibm websphere application server/7.0.0.9
version/ibm websphere application server/7.0.0.4
version/ibm websphere application server/7.0.0.11
version/ibm websphere application server/7.0
version/ibm websphere application server/7.0.0.8
version/ibm websphere application server/7.0.0.6
version/ibm websphere application server/7.0.0.7
version/ibm websphere application server/7.0.0.13
version/ibm websphere application server/7.0.0.3
version/ibm websphere application server/7.0.0.1

CVE-2011-1310: Infoleak

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact