|Date: (C)2010-05-17 (M)2017-08-18|
|CVSS Score: 2.6||Access Vector: NETWORK|
|Exploitability Subscore: 4.9||Access Complexity: HIGH|
|Impact Subscore: 2.9||Authentication: NONE|
| ||Confidentiality: PARTIAL|
| ||Integrity: NONE|
| ||Availability: NONE|
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 18.104.22.168, 6.1 before 22.214.171.124, and 7.0 before 126.96.36.199 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.