Page 19 of 210 results (0.018 seconds)

CVSS: 5.0EPSS: 0%CPEs: 76EXPL: 0

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components. Vulnerabilidad no específica en IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del demonio) a través de una petición manipulada, relativo a los componentes nodeagent y Deployment Manager. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM05663 https://exchange.xforce.ibmcloud.com/vulnerabilities/58555 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 76EXPL: 0

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request. El Web Container en IBM WebSphere Application Server (WAS) v6.0 anteriores a v6.0.2.43, v6.1 anteriores a v6.1.0.31, y v7.0 anteriores a v7.0.0.11 no maneja de forma adecuada la codificación de transferencias fragmentadas durante una llamada a response.sendRedirect, lo que permite a atacantes remotos provocar una denegación de servicio a través de una petición GET. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM08760 https://exchange.xforce.ibmcloud.com/vulnerabilities/58556 • CWE-20: Improper Input Validation •

CVSS: 1.9EPSS: 0%CPEs: 46EXPL: 0

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log. IBM WebSphere Application Server (WAS) v6.1.x antes de v6.1.0.31 y v7.0.x antes de v7.0.0.11, cuando estan habilitados la autenticación Basic y las trazas SIP (esto es, los logs para SIP estan completamente habilitados), almacena en los logs la totalidad de todos los mensajes SIP entrantes y salientes, lo que permite a usuarios locales obtener información sensible mediante la lectura del fichero de log. • http://secunia.com/advisories/39628 http://secunia.com/advisories/40096 http://www-01.ibm.com/support/docview.wss?uid=swg1PM08892 http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829 http://www.osvdb.org/65437 http://www.vupen.com/english/advisories/2010/1411 https://exchange.xforce.ibmcloud.com/vulnerabilities/58324 • CWE-310: Cryptographic Issues •

CVSS: 1.9EPSS: 0%CPEs: 94EXPL: 0

IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output. IBM WebSphere Application Server (WAS) v6.0.x antes de v6.0.2.41, v6.1.x antes de v6.1.0.31 y v7.0.x antes de v7.0.0.11, cuando la opción -trace (esto es, el modo de depuración) está habilitada, imprime cadenas de debug de objetos no especificados, lo que permite a los atacantes obtener información sensible mediante la lectura de las trazas de salida. • http://secunia.com/advisories/39628 http://www-01.ibm.com/support/docview.wss?uid=swg1PM06839 http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247 http://www.vupen.com/english/advisories/2010/0994 https://exchange.xforce.ibmcloud.com/vulnerabilities/58323 • CWE-310: Cryptographic Issues •

CVSS: 4.0EPSS: 0%CPEs: 48EXPL: 0

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake. IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 permite a atacantes remotos autenticados provocar una denegación de servicio (cuelgue del ORB ListenerThread) al abortar una negociación SSL. • http://secunia.com/advisories/39140 http://www-01.ibm.com/support/docview.wss?uid=swg1PK93653 http://www.securityfocus.com/bid/39056 https://exchange.xforce.ibmcloud.com/vulnerabilities/57182 • CWE-399: Resource Management Errors •