CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2009-2742
https://notcve.org/view.php?id=CVE-2009-2742
21 Sep 2009 — Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la ayuda de Eclipse del servidor de aplicaciones IBM WebSphere (WAS) en versiones v6.1 anteriores a la v 6.1.0.27 permite a usuarios remotos inyectar codigo de script web o código HTML a través de una entrada sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg27007951 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 35EXPL: 0CVE-2009-3106
https://notcve.org/view.php?id=CVE-2009-3106
08 Sep 2009 — The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application. El componente Servlet Engine/Web Container en IBM WebSphere Application Server (WAS) v6.0.2 anterior a v6.0.2.37, no implementa adecuadamente las restriccione... • http://www-01.ibm.com/support/docview.wss?uid=swg27006876 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 31EXPL: 0CVE-2009-2087
https://notcve.org/view.php?id=CVE-2009-2087
13 Aug 2009 — The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors. la funcionalidad Web Services en IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.25 y v7.0 anterior a v7.0.0.5, en ciertas circunstancias e in... • http://secunia.com/advisories/34461 • CWE-255: Credentials Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 31EXPL: 0CVE-2009-2089
https://notcve.org/view.php?id=CVE-2009-2089
13 Aug 2009 — The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file. El componente Migration en IBM WebSphere Application Server (WAS) v6.1 anteriores a v6.1.0.25 y v7.0 anteriores a v7.0.0.5, cuando cuando la traza está habilitada y una migración de 6.0 a 7.0 ha sucedido, lo que permite a los usuarios r... • http://www-01.ibm.com/support/docview.wss?uid=swg27007951 • CWE-16: Configuration •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0906
https://notcve.org/view.php?id=CVE-2009-0906
13 Aug 2009 — The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors. El Service Component Architecture (SCA) "feature pack" para IBM WebSphere Application Server (WAS) SCA v1.0 anterior a v1.0.0.3, permite a usuarios autenticados remotamente evitar las restricciones de acceso establecidas por authentication.tra... • http://secunia.com/advisories/36306 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2009-2085
https://notcve.org/view.php?id=CVE-2009-2085
13 Aug 2009 — The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB). El componente Security en IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.25 y v7.0 anterior a v7.0.0.5 no maneja adecuadamente la Aserción de Identidad (Identity Assertion) con CSIv2 Security,... • http://www-01.ibm.com/support/docview.wss?uid=swg27007951 • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 0%CPEs: 31EXPL: 0CVE-2009-2088
https://notcve.org/view.php?id=CVE-2009-2088
13 Aug 2009 — The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," related to a certain invokefilterscompatibility property. El componente Servlet Engine/Web Container en IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.25 y v7.0 anterior a v7.0.0.5, cuando SPNEGO Si... • http://www-01.ibm.com/support/docview.wss?uid=swg24022479 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 35%CPEs: 93EXPL: 0CVE-2009-0217 – xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
https://notcve.org/view.php?id=CVE-2009-0217
14 Jul 2009 — The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.... • http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161 •
CVSS: 9.1EPSS: 0%CPEs: 28EXPL: 0CVE-2009-0904
https://notcve.org/view.php?id=CVE-2009-0904
05 Jul 2009 — The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP requests. IBM Stax XMLStreamWriter en el componente Web Services de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.25 , no procesa adecuadamente codificación XML, esto permite a atacantes remotos ev... • http://www-01.ibm.com/support/docview.wss?uid=swg27007951 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 29EXPL: 0CVE-2009-0903
https://notcve.org/view.php?id=CVE-2009-0903
24 Jun 2009 — IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application. IBM WebSphere Application Server (WAS) v7.0 anterior a v7.0.0.3, y el Pack de características para Web Services par... • http://www-1.ibm.com/support/docview.wss?uid=swg1PK72138 •