CVE-2016-8919
https://notcve.org/view.php?id=CVE-2016-8919
IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.
• http://www.ibm.com/support/docview.wss?uid=swg21993797
• http://www.securityfocus.com/bid/95650
• http://www.securitytracker.com/id/1037710
• CWE-399: Resource Management Errors
CVE-2016-0378
https://notcve.org/view.php?id=CVE-2016-0378
IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception.
• http://www-01.ibm.com/support/docview.wss?uid=swg1PI54459
• http://www-01.ibm.com/support/docview.wss?uid=swg21981529
• http://www.securityfocus.com/bid/93143
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0377
https://notcve.org/view.php?id=CVE-2016-0377
The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
• http://www-01.ibm.com/support/docview.wss?uid=swg1PI56917
• http://www-01.ibm.com/support/docview.wss?uid=swg21980645
• http://www.securityfocus.com/bid/92514
• http://www.securitytracker.com/id/1036653
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5983 – IBM WebSphere 7 / 8 / 8.5 / 9 Deserialization Issue
https://notcve.org/view.php?id=CVE-2016-5983
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object. IBM WebSphere versions 7, 8, 8.5, and 9 deserialize untrusted data. This can lead to denial of service and remote code execution vulnerabilities.
• https://github.com/BitWrecker/CVE-2016-5983
• http://www-01.ibm.com/support/docview.wss?uid=swg1PI62375
• http://www.securityfocus.com/bid/93162
• https://www-01.ibm.com/support/docview.wss?uid=swg21990060
• CWE-284: Improper Access Control
CVE-2016-5986
https://notcve.org/view.php?id=CVE-2016-5986
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.
• http://www-01.ibm.com/support/docview.wss?uid=swg1PI67093
• http://www-01.ibm.com/support/docview.wss?uid=swg21990056
• http://www.securityfocus.com/bid/93013
• http://www.securitytracker.com/id/1036838
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor