CVE-2007-1608
https://notcve.org/view.php?id=CVE-2007-1608
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header. Vulnerabilidad de inyección de retornos de carro y saltos de línea en BM WebSphere Application Server (WAS) versiones anteriores a 6.0.2.19 permite a atacantes remotos inyectar cabeceras HTML de su elección y conducir respuestas HTTP fraccionando ataques mediante una secuencia de retornos de carro y saltos de línea en un contexto que no es una cabecera válida multi-línea. • http://osvdb.org/34484 http://secunia.com/advisories/24552 http://www-1.ibm.com/support/docview.wss?uid=swg1PK39732 http://www.securityfocus.com/bid/23086 http://www.securitytracker.com/id?1017806 http://www.vupen.com/english/advisories/2007/1062 https://exchange.xforce.ibmcloud.com/vulnerabilities/33123 •
CVE-2006-6637
https://notcve.org/view.php?id=CVE-2006-6637
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests." El motor de Servlets y el contenedor Web en IBM WebSphere Application Server (WAS) anterior a 6.0.2.17 permite a atacantes remotos leer el código fuente de ficheros JSP y obtener información sensible mediante vectores no especificados. • http://secunia.com/advisories/23414 http://secunia.com/advisories/24478 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24015155 http://www-1.ibm.com/support/docview.wss?uid=swg27006876 http://www.securityfocus.com/bid/21636 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2006/5050 http://www.vupen.com/english/advisories/2007/0970 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2006-6636
https://notcve.org/view.php?id=CVE-2006-6636
Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors. Vulnerabilidad no especificada en Utility Classes para IBM WebSphere Application Server (WAS) anterior a 5.1.1.13 y 6.x anterior a 6.0.2.17 tiene impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/23386 http://secunia.com/advisories/23414 http://www-1.ibm.com/support/docview.wss?uid=swg1PK29725 http://www-1.ibm.com/support/docview.wss?uid=swg27006876 http://www-1.ibm.com/support/docview.wss?uid=swg27006879 http://www.securityfocus.com/bid/21608 http://www.securityfocus.com/bid/21636 http://www.vupen.com/english/advisories/2006/5017 http://www.vupen.com/english/advisories/2006/5050 https://exchange.xforce.ibmcloud.com/vulnerabilities/30903 •
CVE-2006-5323
https://notcve.org/view.php?id=CVE-2006-5323
Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360. Vulnerabilidad no especificada en IBM WebSphere Application Server anterior a 6.1.0.2 tiene impacto y vectores de ataque no especificados, relacionado con una "posible exposición de seguridad", también conocido como PK29360. • http://secunia.com/advisories/22372 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013142 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951 http://www-1.ibm.com/support/search.wss?rs=0&q=PK29360&apar=only http://www.vupen.com/english/advisories/2006/4000 •
CVE-2006-5324
https://notcve.org/view.php?id=CVE-2006-5324
The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka PK28374. El componente de seguridad Web Services Notification (WSN) de IBM WebSphere Application Server anterior a 6.1.0.2 permite a atacantes obtener acceso no especificado sin suministrar nombre de usuario y contraseña, también conocido como PK28374. • http://secunia.com/advisories/22372 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013142 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951 http://www-1.ibm.com/support/search.wss?rs=0&q=PK28374&apar=only http://www.vupen.com/english/advisories/2006/4000 •