CVE-2010-1651

Severity: Medium

Description

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/58324

http://www.vupen.com/english/advisories/2010/1411

http://www.osvdb.org/65437

http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829

http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247

http://www-01.ibm.com/support/docview.wss?uid=swg1PM08892

http://secunia.com/advisories/40096

http://secunia.com/advisories/39628

Details

Source: Mitre, NVD

Published: 2010-05-03

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 1.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 4.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium