CVE-2010-1651

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server (WAS) versions 6.1.x through 6.1.0.30 IBM WebSphere Application Server (WAS) versions 7.0.x through 7.0.0.10

Description The issue allows local users to obtain sensitive information by reading the trace log when Basic authentication and SIP tracing are enabled. This occurs because the software logs the entirety of all inbound and outbound SIP messages.

Recommendations For IBM WebSphere Application Server (WAS) versions 6.1.x through 6.1.0.30, update to version 6.1.0.31 or later. For IBM WebSphere Application Server (WAS) versions 7.0.x through 7.0.0.10, update to version 7.0.0.11 or later.