CVSS: 6.8EPSS: 1%CPEs: 26EXPL: 0CVE-2008-4679
https://notcve.org/view.php?id=CVE-2008-4679
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate. El componente Web Services Security en IBM WebSphere Application Server (WAS) v6.0.2 anterior a v6.0.2.31 y v6.1 anterior a v6.1.0.19, cuando el Certificate Store Collections está configurado para usar las Certificate Revocation Lists (CRL), no llama al método setRevocationEnabled en el objeto PKIXBuilderParameters, que previene el "Java security method" desde la validación del estado de revocación de lso certificados X.509 y permite a atacantes remotos saltarse las restricciones de acceso establecidas a través de un mensaje SOAP con un certificado revocado. • http://secunia.com/advisories/32296 http://www-01.ibm.com/support/docview.wss?uid=swg27006876 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-1.ibm.com/support/docview.wss?uid=swg1PK61258 http://www.securityfocus.com/bid/31839 http://www.vupen.com/english/advisories/2008/2871 https://exchange.xforce.ibmcloud.com/vulnerabilities/46002 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 1%CPEs: 16EXPL: 0CVE-2008-4678
https://notcve.org/view.php?id=CVE-2008-4678
The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a "parse failure." El método HTTP_Request_Parser en el componente HTTP Transport en IBM WebSphere Application Server (WAS) v6.0.2 anterior a v6.0.2.31, permite a atacantes remotos provocar una denegación de servicio (Finalización incorrecta del controlador OC4 y cuelgue de aplicación) a través de una cabecera HTTP Host larga, relacionado con "storage overlay (superposición de almacenamiento)" sobre la pila y "parse failure. (fallo de validación)" • http://secunia.com/advisories/32296 http://www-01.ibm.com/support/docview.wss?uid=swg27006876 http://www-1.ibm.com/support/docview.wss?uid=swg1PK69371 http://www.securityfocus.com/bid/31839 http://www.vupen.com/english/advisories/2008/2871 https://exchange.xforce.ibmcloud.com/vulnerabilities/45993 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 19EXPL: 0CVE-2008-2550
https://notcve.org/view.php?id=CVE-2008-2550
Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header. Vulnerabilidad sin especificar del componente Web Services Security en Web Services Security (WAS) versiones 6.1 anteriores a la 6.1.0.17 tiene un impacto desconocido y vectores de ataque relacionados con un atributo de la cabecera de seguridad SOAP. • http://secunia.com/advisories/30526 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951 http://www-1.ibm.com/support/docview.wss?uid=swg1PK61315 http://www.securitytracker.com/id?1020168 http://www.vupen.com/english/advisories/2008/1734 https://exchange.xforce.ibmcloud.com/vulnerabilities/42822 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0741
https://notcve.org/view.php?id=CVE-2008-0741
Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors. Vulnerabilidad sin especificar en la utilidad PropFilePasswordEncoder de IBM WebSphere Application Server (WAS) antes de 6.0.2 Fix Pack 25 (6.0.2.25). El impacto y los vectores de ataque son desconocidos. • http://secunia.com/advisories/28588 http://securitytracker.com/id?1019254 http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK52709&uid=swg1PK58871&loc=en_US&cs=utf-8&lang= http://www-1.ibm.com/support/docview.wss?uid=swg27006876 http://www.securityfocus.com/bid/27400 http://www.vupen.com/english/advisories/2008/0241 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0740
https://notcve.org/view.php?id=CVE-2008-0740
IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this file. IBM WebSphere Application Server (WAS) versiones anteriores a 6.0.2 Fix Pack 25 (6.0.2.25) escribe información sin especificar en texto claro en http_plugin.log, lo cual permite a usuarios locales obtener información sensible leyendo ese fichero. • http://osvdb.org/42878 http://www-1.ibm.com/support/docview.wss?uid=swg1PK48785 http://www-1.ibm.com/support/docview.wss?uid=swg27006876 http://www-1.ibm.com/support/docview.wss?uid=swg27007951 http://www.securityfocus.com/bid/27400 http://www.vupen.com/english/advisories/2008/0241 • CWE-264: Permissions, Privileges, and Access Controls •