Remote Path Disclosure in IBM WebSphere and NetCommerce 3.1.2
CVE-2001-0389

Currently unrated

Key Information:

Vendor: IBM
Status: Net.commerce; Websphere Application Server
Vendor: CVE Published:; 2 July 2001

Summary

IBM WebSphere/NetCommerce 3.1.2 contains a vulnerability that permits remote attackers to reveal the actual server path by invoking the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument. This flaw could potentially aid attackers in further compromising system security or launching additional attacks.

References

http://www.securityfocus.com/bid/2587

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/176100

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Jul 2, 2001
Vulnerability Reserved
May 24, 2001