Unrated severityNVD Advisory· Published Mar 20, 2007· Updated Jun 16, 2026
CVE-2006-7164
CVE-2006-7164
Description
SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.
Affected products
19cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2.9:*:*:*:*:*:*:*
- (no CPE)range: 5.0.1 through 5.0.2.7
Patches
Vulnerability mechanics
References
1- www-1.ibm.com/support/docview.wssnvdPatchVendor Advisory
News mentions
0No linked articles in our index yet.