Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ibm websphere_application_server 权限许可和访问控制漏洞
Vulnerability Description
IBM WebSphere Application Server(WAS),是Java EE 和Web 服务应用程序平台,是IBM WebSphere 软件平台的基础。 IBM WebSphere Application Server (WAS) 6.0.2.37之前的6.0.2中的Servlet Engine/Web Container组件没有正确的对(1)doGet和(2)doTrace方式执行安全限制,这使得远程攻击者可以借助一个特制的对web应用程序的HTTP头请求,绕过设置的访问限制和获得敏感信
CVSS Information
N/A
Vulnerability Type
N/A