Unrated severityNVD Advisory· Published Dec 31, 2005· Updated Jun 16, 2026

CVE-2005-4833

Description

IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format.

Affected products

IBM/Websphere Application Server2 versions
cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*
- (no CPE)range: < 20050201

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www-1.ibm.com/support/docview.wssnvdPatchVendor Advisory
www-1.ibm.com/support/docview.wssnvdPatchVendor Advisory
secunia.com/advisories/24478nvdVendor Advisory
osvdb.org/34177nvd
www.securityfocus.com/bid/22991nvd
www.vupen.com/english/advisories/2007/0970nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000