CVSS: 5.0EPSS: 0%CPEs: 33EXPL: 0CVE-2011-1322
https://notcve.org/view.php?id=CVE-2011-1322
The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages. La implementación de SOAP con adjuntos para la API Java (SAAJ) en el componente de servicios Web en IBM WebSphere Application Server (WAS) v6.1.0.x antes de v6.1.0.37 y v7.x antes de v7.0.0.15, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de mensajes SOAP cifrados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM19534 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 33EXPL: 0CVE-2011-1317
https://notcve.org/view.php?id=CVE-2011-1317
Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger large responses. Pérdida de memoria en com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl en el componente JavaServer Pages (JSP) de IBM WebSphere Application Server (WAS) v6.1.0.x antes de v6.1.0.37 y v7.x antes de v7.0.0.15 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) mediante el envío de muchas peticiones JSP que desencadenan respuestas de gran tamaño. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM19500 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 34EXPL: 0CVE-2011-0316
https://notcve.org/view.php?id=CVE-2011-0316
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request. El componente de Consola de Administración de IBM WebSphere Application Server (WAS) v6.1 antrior a v6.1.0.35 y v7.0.0.15 7.0 no restringe correctamente el acceso a la consola de servlets, lo que permite a atacantes remotos obtener información sobre el estado potencialmente sensible a través de una solicitud directa. • http://secunia.com/advisories/42938 http://www-01.ibm.com/support/docview.wss?uid=swg1PM24372 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/46736 http://www.vupen.com/english/advisories/2011/0564 https://exchange.xforce.ibmcloud.com/vulnerabilities/64558 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0CVE-2011-0315
https://notcve.org/view.php?id=CVE-2011-0315
Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application. Ejecución de secuencias de comandos en sitios cruzados (XSS) en los componentes Servlet Engine / Web Container en IBM WebSphere Application Server (WAS) 6.1 anterior a v6.1.0.35 y v7.0 antrior a v7.0.0.15 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con el falta de una página de error para una aplicación. • http://secunia.com/advisories/42938 http://www-01.ibm.com/support/docview.wss?uid=swg1PM18512 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/46736 http://www.vupen.com/english/advisories/2011/0564 https://exchange.xforce.ibmcloud.com/vulnerabilities/64554 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 33EXPL: 0CVE-2010-0785
https://notcve.org/view.php?id=CVE-2010-0785
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de falsificación de petición en sitios cruzados en IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.35 y v7.0 y v7.0.0.13, permite a atacantes remotos secuestrar la autenticación de víctimas sin especificar a través de vectores desconocidos. • http://secunia.com/advisories/41722 http://www-01.ibm.com/support/docview.wss?uid=swg1PM18909 http://www-01.ibm.com/support/docview.wss?uid=swg1PM23874 http://www-01.ibm.com/support/docview.wss?uid=swg27004980 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/43875 http://www.vupen.com/english/advisories/2010/2595 https://exchange.xforce.ibmcloud.com/vulnerabilities/62949 • CWE-352: Cross-Site Request Forgery (CSRF) •