|Category:||Information Leak / Disclosure|
Published on 04/11/05 - Updated on 08/03/11
IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 18.104.22.168, and 6.x before fixpack V22.214.171.124, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.
CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.