CVSS: 5.0EPSS: 1%CPEs: 34EXPL: 0CVE-2006-7166
https://notcve.org/view.php?id=CVE-2006-7166
IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL." IBM WebSphere Application Server (WAS) 5.1.1.9 y anteriores permiten a atacantes remotos obtener el código fuente JSP y otra información sensible mediante ciertas "URIs especiales". • http://secunia.com/advisories/24478 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24011720 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2007/0970 •
CVSS: 10.0EPSS: 2%CPEs: 20EXPL: 0CVE-2006-6636
https://notcve.org/view.php?id=CVE-2006-6636
Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors. Vulnerabilidad no especificada en Utility Classes para IBM WebSphere Application Server (WAS) anterior a 5.1.1.13 y 6.x anterior a 6.0.2.17 tiene impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/23386 http://secunia.com/advisories/23414 http://www-1.ibm.com/support/docview.wss?uid=swg1PK29725 http://www-1.ibm.com/support/docview.wss?uid=swg27006876 http://www-1.ibm.com/support/docview.wss?uid=swg27006879 http://www.securityfocus.com/bid/21608 http://www.securityfocus.com/bid/21636 http://www.vupen.com/english/advisories/2006/5017 http://www.vupen.com/english/advisories/2006/5050 https://exchange.xforce.ibmcloud.com/vulnerabilities/30903 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5323
https://notcve.org/view.php?id=CVE-2006-5323
Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360. Vulnerabilidad no especificada en IBM WebSphere Application Server anterior a 6.1.0.2 tiene impacto y vectores de ataque no especificados, relacionado con una "posible exposición de seguridad", también conocido como PK29360. • http://secunia.com/advisories/22372 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013142 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951 http://www-1.ibm.com/support/search.wss?rs=0&q=PK29360&apar=only http://www.vupen.com/english/advisories/2006/4000 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5324
https://notcve.org/view.php?id=CVE-2006-5324
The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka PK28374. El componente de seguridad Web Services Notification (WSN) de IBM WebSphere Application Server anterior a 6.1.0.2 permite a atacantes obtener acceso no especificado sin suministrar nombre de usuario y contraseña, también conocido como PK28374. • http://secunia.com/advisories/22372 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013142 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951 http://www-1.ibm.com/support/search.wss?rs=0&q=PK28374&apar=only http://www.vupen.com/english/advisories/2006/4000 •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2006-4223
https://notcve.org/view.php?id=CVE-2006-4223
IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137. IBM WebSphere Application Server anterior a 6.0.2.13 permiet a atacantes locales o remotos (dependiendo del contexto) obtener información sensible a través de vectores no especificados relacionados con (1) "exposición de código fuente JSTP" (PK23475), (2) el archivo de registro de la Captura de Datos del Primer Fallo (First Failure Data Capture)(ffdc)(PK24834), y (3) trazas (PK25568), un problema distinto de CVE-2006-4137. • http://secunia.com/advisories/21487 http://secunia.com/advisories/24478 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24013827 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2006/3281 http://www.vupen.com/english/advisories/2007/0970 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •