CVE-2010-2326
https://notcve.org/view.php?id=CVE-2010-2326
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file. IBM WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11, cuando addNode-trace se utiliza mientras la federación de nodos, permite a atacantes remotos conseguir información sensible acercad de acciones de la traza CIMMetadataCollectorImpl leyendo el fichero addNode.log. • http://secunia.com/advisories/40096 http://www-01.ibm.com/support/docview.wss?uid=swg1PM10684 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830 http://www.osvdb.org/65438 http://www.securityfocus.com/bid/40699 http://www.vupen.com/english/advisories/2010/1411 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-2087
https://notcve.org/view.php?id=CVE-2010-2087
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object. Oracle Mojarra v1.2_14 y v2.0.2, utilizado en IBM WebSphere Application Server, Caucho Resin, y otras aplicaciones, no maneja adecuadamente un estado de vista sin cifrar, lo que permite a atacantes remotos dirigir ataques de secuencias de comandos en sitios cruzados (XSS) o ejecutar sentencias del lenguaje de expresión (EL) a través de vectores que pretenden modificar las vistas de objetos serializados. • http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-0774
https://notcve.org/view.php?id=CVE-2010-0774
The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors. La implementaciones (1) JAX-RPC WS-Security v1.0 y (2) JAX-WS en IBM WebSphere Application Server (WAS) v6.0 anteriores a v6.0.2.41, v6.1 anteriores a v6.1.0.31, y v7.0 anteriores a v7.0.0.11 no manejan de forma adecuada los elementos WebServices PKCS#7 and PKIPath, lo que permite a usuarios remotos saltarse las restricciones de acceso a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PK96427 https://exchange.xforce.ibmcloud.com/vulnerabilities/58554 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-0777
https://notcve.org/view.php?id=CVE-2010-0777
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file. El Web Container en IBM WebSphere Application Server (WAS) v6.0 anteriores a v6.0.2.43, v6.1 anteriores a v6.1.0.31, y v7.0 anteriores a v7.0.0.11 no maneja de forma adecuada los nombres de ficheros largos y consecuentemente envían un fichero incorrecto en algunas respuestas, lo que permite a atacantes remotos obtener información sensible leyendo el fichero obtenido. • http://secunia.com/advisories/39838 http://www-01.ibm.com/support/docview.wss?uid=swg1PM06111 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www.securityfocus.com/bid/40277 http://www.vupen.com/english/advisories/2010/1200 https://exchange.xforce.ibmcloud.com/vulnerabilities/58557 • CWE-20: Improper Input Validation •
CVE-2010-0775
https://notcve.org/view.php?id=CVE-2010-0775
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components. Vulnerabilidad no específica en IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del demonio) a través de una petición manipulada, relativo a los componentes nodeagent y Deployment Manager. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM05663 https://exchange.xforce.ibmcloud.com/vulnerabilities/58555 • CWE-399: Resource Management Errors •