Unrated severityNVD Advisory· Published Aug 18, 2006· Updated Apr 16, 2026
CVE-2006-4223
CVE-2006-4223
Description
IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.
Affected products
7cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*range: <=6.0.2.11
- cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- secunia.com/advisories/21487nvdPatchVendor Advisory
- secunia.com/advisories/24478nvdVendor Advisory
- www.vupen.com/english/advisories/2006/3281nvdVendor Advisory
- www.vupen.com/english/advisories/2007/0970nvdVendor Advisory
- www-1.ibm.com/support/docview.wssnvd
- www-1.ibm.com/support/docview.wssnvd
- www-1.ibm.com/support/docview.wssnvd
- www.securityfocus.com/bid/22991nvd
News mentions
0No linked articles in our index yet.