CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2006-7198
https://notcve.org/view.php?id=CVE-2006-7198
Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123. Vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) anterior a 5.1.1.14, y WAS para z/OS 601 anterior a 6.0.2.13, tiene un impacto desconocido y vectores de ataque, relacionado con una "exposición de seguridad potencial", también conocido como PK26123. • http://secunia.com/advisories/25045 http://securitytracker.com/id?1017976 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006879 http://www-1.ibm.com/support/docview.wss?uid=swg1PK29435 http://www-1.ibm.com/support/search.wss?rs=0&q=PK26123&apar=only http://www.vupen.com/english/advisories/2007/1553 https://exchange.xforce.ibmcloud.com/vulnerabilities/33949 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2007-1945
https://notcve.org/view.php?id=CVE-2007-1945
Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors. Vulnerabilidad no especificada en Servlet Engine/Web Container en IBM WebSphere Application Server (WAS) anterior a 6.1.0.7 tiene un impacto desconocido y vectores de ataque. • http://osvdb.org/41605 http://secunia.com/advisories/24852 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951#6107 http://www-1.ibm.com/support/search.wss?rs=0&q=PK36447&apar=only http://www.vupen.com/english/advisories/2007/1282 https://exchange.xforce.ibmcloud.com/vulnerabilities/33471 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1944
https://notcve.org/view.php?id=CVE-2007-1944
The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability. Java Message Service (JMS) en IBM WebSphere Application Server (WAS) versiones anteriores a 6.1.0.7, permite a atacantes causar una denegación de servicio por medio de vectores desconocidos que implican la "double release [of] a bytebuffer input stream”, posiblemente una vulnerabilidad de doble liberación. • http://secunia.com/advisories/24852 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951#6107 http://www.vupen.com/english/advisories/2007/1282 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2007-1608
https://notcve.org/view.php?id=CVE-2007-1608
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header. Vulnerabilidad de inyección de retornos de carro y saltos de línea en BM WebSphere Application Server (WAS) versiones anteriores a 6.0.2.19 permite a atacantes remotos inyectar cabeceras HTML de su elección y conducir respuestas HTTP fraccionando ataques mediante una secuencia de retornos de carro y saltos de línea en un contexto que no es una cabecera válida multi-línea. • http://osvdb.org/34484 http://secunia.com/advisories/24552 http://www-1.ibm.com/support/docview.wss?uid=swg1PK39732 http://www.securityfocus.com/bid/23086 http://www.securitytracker.com/id?1017806 http://www.vupen.com/english/advisories/2007/1062 https://exchange.xforce.ibmcloud.com/vulnerabilities/33123 •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2006-6637
https://notcve.org/view.php?id=CVE-2006-6637
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests." El motor de Servlets y el contenedor Web en IBM WebSphere Application Server (WAS) anterior a 6.0.2.17 permite a atacantes remotos leer el código fuente de ficheros JSP y obtener información sensible mediante vectores no especificados. • http://secunia.com/advisories/23414 http://secunia.com/advisories/24478 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24015155 http://www-1.ibm.com/support/docview.wss?uid=swg27006876 http://www.securityfocus.com/bid/21636 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2006/5050 http://www.vupen.com/english/advisories/2007/0970 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •