CVE-2009-3106

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 6.0.2 through 6.0.2.36

Description: The issue concerns the Servlet Engine/Web Container component, which fails to properly implement security constraints on the doGet and doTrace methods. This allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application.

Recommendations: For IBM WebSphere Application Server versions 6.0.2 through 6.0.2.36, update to version 6.0.2.37 or later to resolve the issue.