Vulnerability Details CVE-2016-2961
The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.9%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2016-2961
-
cpe:2.3:a:ibm:integration_bus:10.0
-
cpe:2.3:a:ibm:integration_bus:10.0.0.1
-
cpe:2.3:a:ibm:integration_bus:10.0.0.2
-
cpe:2.3:a:ibm:integration_bus:10.0.0.3
-
cpe:2.3:a:ibm:integration_bus:10.0.0.4
-
cpe:2.3:a:ibm:integration_bus:9.0
-
cpe:2.3:a:ibm:integration_bus:9.0.0.1
-
cpe:2.3:a:ibm:integration_bus:9.0.0.2
-
cpe:2.3:a:ibm:integration_bus:9.0.0.3
-
cpe:2.3:a:ibm:integration_bus:9.0.0.4
-
cpe:2.3:a:ibm:integration_bus:9.0.0.5
-
cpe:2.3:a:ibm:websphere_message_broker:8.0
-
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1
-
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2
-
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3
-
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.4
-
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.5
-
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.6
-
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.7