Totally Secure

Security Information and News

NVD NVD Nist GOV

NVD – CVE-2020-5016

ByTotally Secure

Mar 14, 2021
Changed Description 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary xml files on the system. This does not occur if Application security is enabled.  IBM X-Force ID:  193556.
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary xml files on the system. This does not occur if Application security is enabled. IBM X-Force ID: 193556.

By Totally Secure

Related Post

NVD NVD Nist GOV

NVD – CVE-2017-20187

Nov 7, 2023 Totally Secure
NVD NVD Nist GOV

NVD – CVE-2017-7252

Nov 7, 2023 Totally Secure
NVD NVD Nist GOV

NVD – CVE-2018-25092

Nov 7, 2023 Totally Secure

You missed

CISA Bulletins Security US Cert

Vulnerability Summary for the Week of December 30, 2024

January 7, 2025 Totally Secure
CISA Bulletins Security US Cert

Vulnerability Summary for the Week of December 23, 2024

December 31, 2024 Totally Secure
CISA Bulletins Security US Cert

Vulnerability Summary for the Week of December 16, 2024

December 24, 2024 Totally Secure
CISA Bulletins Security US Cert

Vulnerability Summary for the Week of December 9, 2024

December 17, 2024 Totally Secure