CVE-2010-4590
https://notcve.org/view.php?id=CVE-2010-4590
Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el servicio de acceso (HTTP-AS) en Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 (LMC) anterior v6.1.4 permite a atacantes remotos inyectar código web y HTML de su elección a través de vectores no especificados. • http://securitytracker.com/id?1024871 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ77536 http://www-01.ibm.com/support/docview.wss?uid=swg27020327 http://www.vupen.com/english/advisories/2010/3209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-4592
https://notcve.org/view.php?id=CVE-2010-4592
The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) by making many TCP connection attempts. funcionalidad Mobile Network Connections Connection Manager en IBM Lotus Mobile Connect anterior v6.1.4, cuando el servicio de acceso HTTP (HTTP-AS) está activo, no establece adecuadamente las sesiones HTTP-TCP, permitidiendo que atacantse remotos causen una denegación de servicio (consumo de memoria y caida de demonio) por creación de numerosos intentos de conexiones TCP. • http://secunia.com/advisories/42703 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ74588 http://www-01.ibm.com/support/docview.wss?uid=swg27020327 • CWE-399: Resource Management Errors •