CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0391
https://notcve.org/view.php?id=CVE-2009-0391
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors. Una vulnerabilidad sin especificar en el IBM WebSphere Application Server (WAS) 6.0.1 en z/OS permite a los atacantes leer ficheros arbitrarios a través de vectores desconocidos. • http://osvdb.org/51663 http://secunia.com/advisories/33729 http://www-01.ibm.com/support/docview.wss?uid=swg1PK72036 http://www-01.ibm.com/support/docview.wss?uid=swg1PK79232 http://www.securityfocus.com/bid/33533 http://www.securitytracker.com/id?1021658 http://www.vupen.com/english/advisories/2009/0423 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-5412
https://notcve.org/view.php?id=CVE-2008-5412
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438. Una vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) versiones 7 y anteriores a 7.0.0.1 en Windows, presenta un impacto y vectores de ataque desconocidos relacionados con JSP. • http://secunia.com/advisories/33022 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK75248 http://www.securityfocus.com/bid/32679 http://www.vupen.com/english/advisories/2008/3370 https://exchange.xforce.ibmcloud.com/vulnerabilities/47134 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5413
https://notcve.org/view.php?id=CVE-2008-5413
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434. PerfServlet en el componente PMI/Performance Tools en IBM WebSphere Application Server (WAS) versiones 7 anteriores a 7.0.0.1, permite a los atacantes obtener información confidencial mediante la lectura de los archivos (1) systemout.log y (2) ffdc. NOTA: esto es probablemente un duplicado de CVE-2009-0434. • http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK63886 http://www.securityfocus.com/bid/32679 http://www.vupen.com/english/advisories/2008/3370 http://www.vupen.com/english/advisories/2009/0423 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5411
https://notcve.org/view.php?id=CVE-2008-5411
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. IBM WebSphere Application Server (WAS) 7 y versiones anteriores 7.0.0.1 que envía tráfico SSL sobre "TCP inseguro", el cual hace más fácil para usuarios remotos obtener información sensible, rastreando la red. • http://secunia.com/advisories/33022 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK74777 http://www.securityfocus.com/bid/32679 http://www.vupen.com/english/advisories/2008/3370 https://exchange.xforce.ibmcloud.com/vulnerabilities/47135 • CWE-310: Cryptographic Issues •
CVSS: 6.8EPSS: 1%CPEs: 26EXPL: 0CVE-2008-4679
https://notcve.org/view.php?id=CVE-2008-4679
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate. El componente Web Services Security en IBM WebSphere Application Server (WAS) v6.0.2 anterior a v6.0.2.31 y v6.1 anterior a v6.1.0.19, cuando el Certificate Store Collections está configurado para usar las Certificate Revocation Lists (CRL), no llama al método setRevocationEnabled en el objeto PKIXBuilderParameters, que previene el "Java security method" desde la validación del estado de revocación de lso certificados X.509 y permite a atacantes remotos saltarse las restricciones de acceso establecidas a través de un mensaje SOAP con un certificado revocado. • http://secunia.com/advisories/32296 http://www-01.ibm.com/support/docview.wss?uid=swg27006876 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-1.ibm.com/support/docview.wss?uid=swg1PK61258 http://www.securityfocus.com/bid/31839 http://www.vupen.com/english/advisories/2008/2871 https://exchange.xforce.ibmcloud.com/vulnerabilities/46002 • CWE-287: Improper Authentication •