CVE-2003-1447
https://notcve.org/view.php?id=CVE-2003-1447
IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML. • http://securityreason.com/securityalert/3277 http://www.securityfocus.com/archive/1/310118 http://www.securityfocus.com/archive/1/310796 http://www.securityfocus.com/bid/6758 https://exchange.xforce.ibmcloud.com/vulnerabilities/11245 • CWE-310: Cryptographic Issues
CVE-2002-1169 – IBM Websphere Caching Proxy 3.6/4.0 - Denial of Service
https://notcve.org/view.php?id=CVE-2002-1169
IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash. • https://www.exploit-db.com/exploits/21949 http://www-1.ibm.com/support/search.wss?rs=0&q=IY35970&apar=only http://www.iss.net/security_center/static/10452.php http://www.osvdb.org/2090 http://www.rapid7.com/advisories/R7-0007.txt http://www.securityfocus.com/bid/6002
CVE-2002-1168 – IBM Websphere Edge Server 3.69/4.0 - HTTP Header Injection
https://notcve.org/view.php?id=CVE-2002-1168
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains a Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response. • https://www.exploit-db.com/exploits/21948 http://www.iss.net/security_center/static/10454.php http://www.securityfocus.com/bid/6001
CVE-2002-1167 – IBM Websphere Edge Server 3.6/4.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-1167
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request. • https://www.exploit-db.com/exploits/21947 http://www.iss.net/security_center/static/10453.php http://www.securityfocus.com/bid/6000
CVE-2002-1153
https://notcve.org/view.php?id=CVE-2002-1153
IBM WebSphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host". • ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/pq62144/readme.txt http://marc.info/?l=bugtraq&m=103244572803950&w=2 http://www.iss.net/security_center/static/10140.php http://www.osvdb.org/2092 http://www.securityfocus.com/bid/5749