CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2001-1189
https://notcve.org/view.php?id=CVE-2001-1189
13 Dec 2001 — IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script. IBM Websphere Application Server 3.5.3 y versiones anteriores almacenan una contraseña en formato textual en el fichero sas.server.props, lo que permite a usuarios locales la obtención de dicha contraseña mediante una rutina JSP. • http://www.iss.net/security_center/static/7698.php •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2001-0824
https://notcve.org/view.php?id=CVE-2001-0824
22 Nov 2001 — Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2001-0962
https://notcve.org/view.php?id=CVE-2001-0962
19 Sep 2001 — IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. • http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2001-0389
https://notcve.org/view.php?id=CVE-2001-0389
24 May 2001 — IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument. • http://www.securityfocus.com/archive/1/176100 •
CVSS: 7.5EPSS: 7%CPEs: 8EXPL: 3CVE-2001-0390 – IBM Websphere/Net.Commerce 3 - CGI-BIN Macro Denial of Service
https://notcve.org/view.php?id=CVE-2001-0390
24 May 2001 — IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters. • https://www.exploit-db.com/exploits/20753 •
CVSS: 7.5EPSS: 5%CPEs: 2EXPL: 2CVE-2001-0122 – IBM HTTP Server 1.3 - AfpaCache/WebSphereNet.Data Denial of Service
https://notcve.org/view.php?id=CVE-2001-0122
13 Mar 2001 — Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error. • https://www.exploit-db.com/exploits/20531 •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 3CVE-2000-0848 – IBM Websphere Application Server 3.0.2 Server Plugin - Denial of Service
https://notcve.org/view.php?id=CVE-2000-0848
14 Nov 2000 — Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header. • https://www.exploit-db.com/exploits/20229 •
CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 3CVE-2000-0652 – IBM Websphere Application Server 2.0./3.0/3.0.2.1 - Showcode
https://notcve.org/view.php?id=CVE-2000-0652
24 Jul 2000 — IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string. • https://www.exploit-db.com/exploits/20097 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2000-0497
https://notcve.org/view.php?id=CVE-2000-0497
08 Jun 2000 — IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. • http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0263.html • CWE-178: Improper Handling of Case Sensitivity •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-1999-0852
https://notcve.org/view.php?id=CVE-1999-0852
02 Dec 1999 — IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin. • http://www.securityfocus.com/bid/844 •