CVE-2009-1173

critical

Description

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were used.

References

http://www.vupen.com/english/advisories/2009/0854

http://www.securityfocus.com/bid/34259

http://www-01.ibm.com/support/docview.wss?uid=swg27014463

http://www-01.ibm.com/support/docview.wss?uid=swg1PK82988

http://www-01.ibm.com/support/docview.wss?uid=swg1PK77590

http://secunia.com/advisories/34461

http://secunia.com/advisories/34131

Details

Source: Mitre, NVD

Published: 2009-03-31

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical