
CVSS: 7.5 • EPSS: 0% • CPEs: 136 • EXPL: 0

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI67093 http://www-01.ibm.com/support/docview.wss?uid=swg21990056 http://www.securityfocus.com/bid/93013 http://www.securitytracker.com/id/1036838 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 3.5 • EPSS: 0% • CPEs: 67 • EXPL: 0

Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI60026 http://www-01.ibm.com/support/docview.wss?uid=swg21982588 http://www.securityfocus.com/bid/92505 http://www.securitytracker.com/id/1036654 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 • EPSS: 1% • CPEs: 67 • EXPL: 0

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI61548 http://www-01.ibm.com/support/docview.wss?uid=swg21984796 http://www.securityfocus.com/bid/92354 http://www.securitytracker.com/id/1036514 • CWE-284: Improper Access Control

CVSS: 5.3 • EPSS: 0% • CPEs: 8 • EXPL: 0

Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI62052 http://www-01.ibm.com/support/docview.wss?uid=swg21982012 http://www.securityfocus.com/bid/91515 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 • EPSS: 0% • CPEs: 10 • EXPL: 0

IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI61936 http://www-01.ibm.com/support/docview.wss?uid=swg21983700 http://www.securityfocus.com/bid/91518 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor