Unrated severityNVD Advisory· Published Dec 19, 2006· Updated Apr 23, 2026
CVE-2006-6637
CVE-2006-6637
Description
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."
Affected products
8cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- secunia.com/advisories/23414nvdPatchVendor Advisory
- www-1.ibm.com/support/docview.wssnvdPatch
- secunia.com/advisories/24478nvdVendor Advisory
- www.vupen.com/english/advisories/2006/5050nvdVendor Advisory
- www.vupen.com/english/advisories/2007/0970nvdVendor Advisory
- www-1.ibm.com/support/docview.wssnvd
- www-1.ibm.com/support/docview.wssnvd
- www.securityfocus.com/bid/21636nvd
- www.securityfocus.com/bid/22991nvd
News mentions
0No linked articles in our index yet.