CVSS: 9.8EPSS: 6%CPEs: 42EXPL: 0CVE-2010-1632 – HP Security Bulletin HPSBHF03655 1
https://notcve.org/view.php?id=CVE-2010-1632
22 Jun 2010 — Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrate... • http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2323
https://notcve.org/view.php?id=CVE-2010-2323
18 Jun 2010 — IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT. IBM WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS podría permitir a atacantes, obtener información sensible leyendo el fichero default_create.log, que está asociado con la creación de perfiles por los trabajos BBOWWPFx y zPMT. • http://secunia.com/advisories/40096 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2324
https://notcve.org/view.php?id=CVE-2010-2324
18 Jun 2010 — IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. IBM WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS permite a atacantes remotos efectuar acciones no especificadas de inyección de enlaces a través de vectores desconocidos. • http://secunia.com/advisories/40096 •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2325
https://notcve.org/view.php?id=CVE-2010-2325
18 Jun 2010 — Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados - XSS - en la consola de administración de WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS, permite a los atacantes remotos inyectar arbitrariamente un... • http://secunia.com/advisories/40096 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2010-2326
https://notcve.org/view.php?id=CVE-2010-2326
18 Jun 2010 — IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file. IBM WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11, cuando addNode-trace se utiliza mientras la federación de nodos, permite a atacantes remotos conseguir información sensible acercad de acciones de la traza CIMMetadataCollectorImpl leyendo el fichero addNo... • http://secunia.com/advisories/40096 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0CVE-2010-2327
https://notcve.org/view.php?id=CVE-2010-2327
18 Jun 2010 — mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload. mod_ibm_ssl en IBM HTTP Server v6.0 anteriores a v6.0.2.43, v6.1 anteriores a v6.1.0.33, y v7.0 anteriores a v7.0.0.11, como las utilizadas en IBM WebSphere Application Server (WAS) en z/O... • http://secunia.com/advisories/40096 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2010-2328
https://notcve.org/view.php?id=CVE-2010-2328
18 Jun 2010 — The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression. El HTTP Channel en IBM WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 permite a atacantes remotos provocar una denegación de servicio ( NullPointerException) a través de una gran cantidad de datos truncados que utilicen la compresión gzip. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM08894 •
CVSS: 9.1EPSS: 0%CPEs: 76EXPL: 0CVE-2010-0774
https://notcve.org/view.php?id=CVE-2010-0774
17 May 2010 — The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors. La implementaciones (1) JAX-RPC WS-Security v1.0 y (2) JAX-WS en IBM WebSphere Application Server (WAS) v6.0 anteriores a v6.0.2.41, v6.1 anteriores a v6.1.0.31, y v7.0 anterior... • http://www-01.ibm.com/support/docview.wss?uid=swg1PK96427 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0CVE-2010-0775
https://notcve.org/view.php?id=CVE-2010-0775
17 May 2010 — Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components. Vulnerabilidad no específica en IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 permite a atacantes remotos provocar una denegación de servicio (co... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM05663 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0CVE-2010-0776
https://notcve.org/view.php?id=CVE-2010-0776
17 May 2010 — The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request. El Web Container en IBM WebSphere Application Server (WAS) v6.0 anteriores a v6.0.2.43, v6.1 anteriores a v6.1.0.31, y v7.0 anteriores a v7.0.0.11 no maneja de forma adecuada la codificación de transferencias fragment... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM08760 • CWE-20: Improper Input Validation •