|Category:||Information Leak / Disclosure|
Published on 04/11/05 - Updated on 26/09/18
IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 220.127.116.11, and 6.x before fixpack V18.104.22.168, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.
CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.