Page 15 of 76 results (0.006 seconds)

CVSS: 10.0EPSS: 2%CPEs: 13EXPL: 0

CVE-2006-2430

https://notcve.org/view.php?id=CVE-2006-2430

IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html http://secunia.com/advisories/20032 http://securityreason.com/securityalert/910 http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang= http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24011773 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012009 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064 http://www-1.ibm.com •

CVSS: 6.4EPSS: 0%CPEs: 25EXPL: 0

CVE-2006-1093

https://notcve.org/view.php?id=CVE-2006-1093

Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed. • http://securitytracker.com/id?1015716 http://www-1.ibm.com/support/docview.wss?uid=swg21231377 http://www.securityfocus.com/bid/16908 http://www.vupen.com/english/advisories/2006/0788 •

CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 0

CVE-2005-4834

https://notcve.org/view.php?id=CVE-2005-4834

IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container. • http://secunia.com/advisories/24478 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24008814 http://www-1.ibm.com/support/docview.wss?uid=swg24013840 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2007/0970 •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2005-3498

https://notcve.org/view.php?id=CVE-2005-3498

IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information. • http://securitytracker.com/id?1015134 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27004980 http://www-1.ibm.com/support/docview.wss?uid=swg24010781 http://www.securityfocus.com/bid/15303 http://www.vupen.com/english/advisories/2005/2291 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 2%CPEs: 20EXPL: 1

CVE-2005-1112 – IBM Websphere 5.0/5.1/6.0 - Application Server Web Server Root JSP Source Code Disclosure

https://notcve.org/view.php?id=CVE-2005-1112

IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine. • https://www.exploit-db.com/exploits/25420 http://marc.info/?l=bugtraq&m=111342594129109&w=2 http://secunia.com/advisories/14962 http://securitytracker.com/id?1013697 http://www.osvdb.org/15501 http://www.securityfocus.com/bid/13160 https://exchange.xforce.ibmcloud.com/vulnerabilities/20099 •