CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2006-6637
https://notcve.org/view.php?id=CVE-2006-6637
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests." El motor de Servlets y el contenedor Web en IBM WebSphere Application Server (WAS) anterior a 6.0.2.17 permite a atacantes remotos leer el código fuente de ficheros JSP y obtener información sensible mediante vectores no especificados. • http://secunia.com/advisories/23414 http://secunia.com/advisories/24478 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24015155 http://www-1.ibm.com/support/docview.wss?uid=swg27006876 http://www.securityfocus.com/bid/21636 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2006/5050 http://www.vupen.com/english/advisories/2007/0970 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 2%CPEs: 20EXPL: 0CVE-2006-6636
https://notcve.org/view.php?id=CVE-2006-6636
Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors. Vulnerabilidad no especificada en Utility Classes para IBM WebSphere Application Server (WAS) anterior a 5.1.1.13 y 6.x anterior a 6.0.2.17 tiene impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/23386 http://secunia.com/advisories/23414 http://www-1.ibm.com/support/docview.wss?uid=swg1PK29725 http://www-1.ibm.com/support/docview.wss?uid=swg27006876 http://www-1.ibm.com/support/docview.wss?uid=swg27006879 http://www.securityfocus.com/bid/21608 http://www.securityfocus.com/bid/21636 http://www.vupen.com/english/advisories/2006/5017 http://www.vupen.com/english/advisories/2006/5050 https://exchange.xforce.ibmcloud.com/vulnerabilities/30903 •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2006-6537
https://notcve.org/view.php?id=CVE-2006-6537
IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html. IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0 y posiblemente la 10, permite a atacantes remotos evitar la autenticación a través del parámetro pnl modificado, relacionado con hod/HODAdmin.html y hod/frameset.html. • http://secunia.com/advisories/22652 http://securityreason.com/securityalert/2030 http://www.securityfocus.com/archive/1/454050/100/0/threaded http://www.vupen.com/english/advisories/2006/4943 https://exchange.xforce.ibmcloud.com/vulnerabilities/30826 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6136
https://notcve.org/view.php?id=CVE-2006-6136
IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors. IBM WebSphere Application Server 6.1.0 anterior al Fix Pack 3 (6.1.0.3) no realiza las comprobaciones de autenticación EAL4 en el momento adecuado durante el "registro de la operación de respuesta", lo cual tiene impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/23028 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013830 http://www-1.ibm.com/support/docview.wss?uid=swg27007951 http://www-1.ibm.com/support/search.wss?rs=0&q=PK29847&apar=only http://www.securityfocus.com/bid/21204 http://www.vupen.com/english/advisories/2006/4639 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6135
https://notcve.org/view.php?id=CVE-2006-6135
Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831). Múltiples vulnerabilidades no especificadas en IBM WebSphere Application Server 6.1.0 anterior al Fix Pack 3 (6.1.0.3) tienen impacto y vectores de ataque desconocidos, relacionados con (1) una "potencial vulnerabilidad de seguridad" (PK29725) y (2) "una potencial exposición de seguridad" (PK30831). • http://secunia.com/advisories/23028 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013830 http://www-1.ibm.com/support/docview.wss?uid=swg27007951 http://www-1.ibm.com/support/search.wss?rs=0&q=PK29725&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=PK30831&apar=only http://www.securityfocus.com/bid/21204 http://www.vupen.com/english/advisories/2006/4639 •