CVSS: 7.5EPSS: 1%CPEs: 136EXPL: 1CVE-2016-5983 – IBM WebSphere 7 / 8 / 8.5 / 9 Deserialization Issue
https://notcve.org/view.php?id=CVE-2016-5983
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object. IBM WebSphere Application Server (WAS) 7.0 en versiones anteriores a 7.0.0.43, 8.0 en versiones anteriores a 8.0.0.13, 8.5 en versiones anteriores a 8.5.5.11, 9.0 en versiones anteriores a 9.0.0.2 y Liberty en versiones anteriores a 16.0.0.4 permite a usuarios remotos autenticados ejecutar código Java arbitrario a través de un objeto serializado manipulado. IBM WebSphere versions 7, 8, 8.5, and 9 deserialize untrusted data. This can lead to denial of service and remote code execution vulnerabilities. • https://github.com/BitWrecker/CVE-2016-5983 http://www-01.ibm.com/support/docview.wss?uid=swg1PI62375 http://www.securityfocus.com/bid/93162 https://www-01.ibm.com/support/docview.wss?uid=swg21990060 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 136EXPL: 0CVE-2016-5986
https://notcve.org/view.php?id=CVE-2016-5986
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors. IBM WebSphere Application Server (WAS) 7.x en versiones anteriores a 7.0.0.43, 8.0.x en versiones anteriores a 8.0.0.13, 8.5.x en versiones anteriores a 8.5.5.11, 9.0.x en versiones anteriores a 9.0.0.2 y Liberty en versiones anteriores a 16.0.0.3 maneja respuestas de manera incorrecta, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI67093 http://www-01.ibm.com/support/docview.wss?uid=swg21990056 http://www.securityfocus.com/bid/93013 http://www.securitytracker.com/id/1036838 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: 67EXPL: 0CVE-2016-0385
https://notcve.org/view.php?id=CVE-2016-0385
Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. Desbordamiento de búfer en IBM WebSphere Application Server (WAS) 7.0 en versiones anteriores a 7.0.0.43, 8.0 en versiones anteriores a 8.0.0.13, 8.5 en versiones anteriores a 8.5.5.10, 9.0 en versiones anteriores a 9.0.0.1 y Liberty en versiones anteriores a 16.0.0.3, cuando HttpSessionIdReuse está activado, permite a usuarios remotos autenticados obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI60026 http://www-01.ibm.com/support/docview.wss?uid=swg21982588 http://www.securityfocus.com/bid/92505 http://www.securitytracker.com/id/1036654 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 1%CPEs: 67EXPL: 0CVE-2016-2960
https://notcve.org/view.php?id=CVE-2016-2960
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages. IBM WebSphere Application Server (WAS) 7.x en versiones anteriores a 7.0.0.43, 8.0.0.x en versiones anteriores a 8.0.0.13, 8.5.0.x en versiones anteriores a 8.5.5.10, 8.5.0.x y 16.0.0.x Liberty en versiones anteriores a Liberty Fix Pack 16.0.0.3 y 9.0.0.x en versiones anteriores a 9.0.0.1 permite a atacantes remotos provocar una denegación de servicio a través de mensajes SIP manipulados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI61548 http://www-01.ibm.com/support/docview.wss?uid=swg21984796 http://www.securityfocus.com/bid/92354 http://www.securitytracker.com/id/1036514 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 61EXPL: 0CVE-2016-0359
https://notcve.org/view.php?id=CVE-2016-0359
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. Vulnerabilidad de inyección CRLF en IBM WebSphere Application Server (WAS) 7.0 en versiones anteriores a 7.0.0.43, 8.0 en versiones anteriores a 8.0.0.13, 8.5 Full en versiones anteriores a 8.5.5.10 y 8.5 Liberty en versiones anteriores a Liberty Fix Pack 16.0.0.2 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuesta HTTP a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI58918 http://www-01.ibm.com/support/docview.wss?uid=swg21982526 http://www.securityfocus.com/bid/91484 http://www.securitytracker.com/id/1036184 •