Unrated severityNVD Advisory· Published Nov 4, 2005· Updated Apr 16, 2026

CVE-2005-3498

Description

IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.

Affected products

IBM/Websphere Application Server
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
Range: >=5.0.0,<5.02.15

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www-1.ibm.com/support/docview.wssnvdVendor Advisory
www-1.ibm.com/support/docview.wssnvdVendor Advisory
www.securityfocus.com/bid/15303nvdThird Party AdvisoryVDB Entry
www.vupen.com/english/advisories/2005/2291nvdPermissions RequiredThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.042
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000