IBM WebSphere Application Server 'resources.xml' Information Disclosure Vulnerability
Info
| Bugtraq ID: | 39567 |
| Class: | Unknown |
| CVE: | CVE-2010-0769 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2010 12:00AM |
| Updated: | Mar 29 2010 12:00AM |
| Credit: | IBM |
| Vulnerable: | IBM Websphere Application Server 7.0 3; IBM Websphere Application Server 7.0 .8; IBM Websphere Application Server 6.1.2; IBM Websphere Application Server 6.1 .9; IBM Websphere Application Server 6.1 .8; IBM Websphere Application Server 6.1 .7; IBM Websphere Application Server 6.1 .6; IBM Websphere Application Server 6.1 .5; IBM Websphere Application Server 6.1 .4; IBM Websphere Application Server 6.1 .3; IBM Websphere Application Server 6.1 .25; IBM Websphere Application Server 6.1 .23; IBM Websphere Application Server 6.1 .22; IBM Websphere Application Server 6.1 .21; IBM Websphere Application Server 6.1 .20; IBM Websphere Application Server 6.1 .2; IBM Websphere Application Server 6.1 .19; IBM Websphere Application Server 6.1 .18; IBM Websphere Application Server 6.1 .17; IBM Websphere Application Server 6.1 .15; IBM Websphere Application Server 6.1 .14; IBM Websphere Application Server 6.1 .13; IBM Websphere Application Server 6.1 .12; IBM Websphere Application Server 6.1 .11; IBM Websphere Application Server 6.1 .10; IBM Websphere Application Server 6.1 .1; IBM Websphere Application Server 6.1; IBM Websphere Application Server 6.0.2 .9; IBM Websphere Application Server 6.0.2 .7; IBM Websphere Application Server 6.0.2 .5; IBM Websphere Application Server 6.0.2 .39; IBM Websphere Application Server 6.0.2 .35; IBM Websphere Application Server 6.0.2 .33; IBM Websphere Application Server 6.0.2 .31; IBM Websphere Application Server 6.0.2 .3; IBM Websphere Application Server 6.0.2 .29; IBM Websphere Application Server 6.0.2 .27; IBM Websphere Application Server 6.0.2 .25; IBM Websphere Application Server 6.0.2 .24; IBM Websphere Application Server 6.0.2 .23; IBM Websphere Application Server 6.0.2 .22; IBM Websphere Application Server 6.0.2 .21; IBM Websphere Application Server 6.0.2 .17; IBM Websphere Application Server 6.0.2 .15; IBM Websphere Application Server 6.0.2 .13; IBM Websphere Application Server 6.0.2 .11; IBM Websphere Application Server 6.0.2 .1; IBM Websphere Application Server 6.0.2; IBM Websphere Application Server 6.0.1; IBM Websphere Application Server 6.0 .7; IBM Websphere Application Server 6.0; IBM Websphere Application Server 7.0.0.7; IBM Websphere Application Server 7.0.0.5; IBM Websphere Application Server 7.0.0.1; IBM Websphere Application Server 7.0; IBM Websphere Application Server 6.2; IBM Websphere Application Server 6.1.0.29; IBM Websphere Application Server 6.1.0.27; IBM Websphere Application Server 6.0.2.19; IBM Websphere Application Server 6.0.2 Fix Pack 17 |
| Not Vulnerable: | IBM Websphere Application Server 7.0 .9; IBM Websphere Application Server 6.1.0.31; IBM Websphere Application Server 6.0.2.41 |
Discussion
IBM WebSphere Application Server (WAS) is prone to an information-disclosure vulnerability because it stores sensitive information in an unsafe fashion.
A remote, authenticated attacker can exploit this issue to gain access to sensitive information; this may aid in further attacks.
Versions prior to WAS 7.0.0.9, 6.1.0.31 and 6.0.2.41 are vulnerable.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for details.
References
References:
- IBM Websphere Homepage (IBM)
- Websphere Application Server wsadmin scripting information disclosure (IBM Internet Security Systems)