Sensitive Information Leakage through Session Trace in IBM WebSphere Application Server

Sensitive Information Leakage through Session Trace in IBM WebSphere Application Server

CVE-2005-3498 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.

Learn more about our Cis Benchmark Audit For Ibm Websphere.