
CVE-2009-1898
https://notcve.org/view.php?id=CVE-2009-1898
03 Jun 2009 — The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network. • http://secunia.com/advisories/35301 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2009-1900
https://notcve.org/view.php?id=CVE-2009-1900
03 Jun 2009 — The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting tool. • http://secunia.com/advisories/35301 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2009-1901
https://notcve.org/view.php?id=CVE-2009-1901
03 Jun 2009 — The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg27006876

CVE-2009-0899
https://notcve.org/view.php?id=CVE-2009-0899
03 Jun 2009 — IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21375859 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2009-1899
https://notcve.org/view.php?id=CVE-2009-1899
03 Jun 2009 — Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via unknown use of the wsadmin scripting tool, related to a "security exposure in wsadmin." • http://secunia.com/advisories/35301

CVE-2009-1172
https://notcve.org/view.php?id=CVE-2009-1172
31 Mar 2009 — The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors. • http://secunia.com/advisories/34131 • CWE-20: Improper Input Validation

CVE-2009-0892
https://notcve.org/view.php?id=CVE-2009-0892
31 Mar 2009 — The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout. • http://secunia.com/advisories/34131 • CWE-287: Improper Authentication

CVE-2009-0891
https://notcve.org/view.php?id=CVE-2009-0891
25 Mar 2009 — The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23), and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks. • http://secunia.com/advisories/34131 • CWE-287: Improper Authentication

CVE-2009-0508
https://notcve.org/view.php?id=CVE-2009-0508
16 Mar 2009 — The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console. • http://secunia.com/advisories/34283 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2009-0856
https://notcve.org/view.php?id=CVE-2009-0856
09 Mar 2009 — Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://securitytracker.com/id?1021811 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')