CVSS: 4.3EPSS: 0%CPEs: 50EXPL: 0CVE-2006-3231
https://notcve.org/view.php?id=CVE-2006-3231
Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters." Una vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) antes de v6.0.2.11, cuando fileServingEnabled esta puesto a TRUE, permite a atacantes remotos obtener el código fuente JSP y otra información sensible a través de una "URI con caracteres especiales." • http://secunia.com/advisories/20732 http://secunia.com/advisories/24478 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www.securityfocus.com/bid/18578 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2006/2482 http://www.vupen.com/english/advisories/2007/0970 •
CVSS: 10.0EPSS: 0%CPEs: 50EXPL: 0CVE-2006-3232
https://notcve.org/view.php?id=CVE-2006-3232
Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "UserNameToken cache was improperly used." Vulnerabilidad sin especificar en el servidor de aplicaciones IBM WebSphere en versiones anteriores a la v6.0.2.11 tiene un impacto y vectores de ataque desconocidos debido a que "la caché UserNameToken no es usada apropiadamente". • http://secunia.com/advisories/20732 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876 http://www.securityfocus.com/bid/18578 http://www.vupen.com/english/advisories/2006/2482 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2001-0962
https://notcve.org/view.php?id=CVE-2001-0962
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. • http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html http://www.osvdb.org/5492 http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p https://exchange.xforce.ibmcloud.com/vulnerabilities/7153 •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 3CVE-2001-0390 – IBM Websphere/Net.Commerce 3 - CGI-BIN Macro Denial of Service
https://notcve.org/view.php?id=CVE-2001-0390
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters. • https://www.exploit-db.com/exploits/20753 http://www.securityfocus.com/archive/1/176100 http://www.securityfocus.com/bid/2588 •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 3CVE-2000-0652 – IBM Websphere Application Server 2.0./3.0/3.0.2.1 - Showcode
https://notcve.org/view.php?id=CVE-2000-0652
IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string. • https://www.exploit-db.com/exploits/20097 http://archives.neohapsis.com/archives/bugtraq/2000-07/0342.html http://www.securityfocus.com/bid/1500 https://exchange.xforce.ibmcloud.com/vulnerabilities/5012 •