Unrated severityNVD Advisory· Published Dec 19, 2006· Updated Jun 16, 2026
CVE-2006-6637
CVE-2006-6637
Description
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*
- (no CPE)range: <6.0.2.17
Patches
Vulnerability mechanics
References
9- secunia.com/advisories/23414nvdPatchVendor Advisory
- www-1.ibm.com/support/docview.wssnvdPatch
- secunia.com/advisories/24478nvdVendor Advisory
- www.vupen.com/english/advisories/2006/5050nvdVendor Advisory
- www.vupen.com/english/advisories/2007/0970nvdVendor Advisory
- www-1.ibm.com/support/docview.wssnvd
- www-1.ibm.com/support/docview.wssnvd
- www.securityfocus.com/bid/21636nvd
- www.securityfocus.com/bid/22991nvd
News mentions
0No linked articles in our index yet.