CVE-2009-0508

N/A Unknown

Published: March 16, 2009 Modified: April 23, 2026

Description

The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://secunia.com/advisories/34283

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/34876

Source: cve@mitre.org

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456

Source: cve@mitre.org

Patch Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1PK81387

Source: cve@mitre.org

http://www-01.ibm.com/support/docview.wss?uid=swg21380233

Source: cve@mitre.org

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21380376

Source: cve@mitre.org

Patch Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg27006876

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/34104

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/0704

Source: cve@mitre.org

Patch Vendor Advisory

http://www.vupen.com/english/advisories/2009/1188

Source: cve@mitre.org

Patch Vendor Advisory

http://www.vupen.com/english/advisories/2009/1464

Source: cve@mitre.org

Patch Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/49085

Source: cve@mitre.org

http://secunia.com/advisories/34283

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/34876

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1PK81387

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=swg21380233

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21380376

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg27006876

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/bid/34104

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/0704

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://www.vupen.com/english/advisories/2009/1188

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://www.vupen.com/english/advisories/2009/1464

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/49085

Source: af854a3a-2127-422b-91ae-364da2661108

24 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

1.7%

82th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-200

Affected Vendors

ibm

Related CVEs

CVE-2026-6982 6.3

CVE-2026-6981 6.3

CVE-2026-6980 7.3

CVE-2026-6979 6.3

CVE-2026-6978 4.7