Page 23 of 134 results (0.013 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root. • http://secunia.com/advisories/20025 http://www-1.ibm.com/support/docview.wss?uid=swg24010245 http://www.osvdb.org/25368 http://www.securityfocus.com/bid/17900 http://www.vupen.com/english/advisories/2006/1724 https://exchange.xforce.ibmcloud.com/vulnerabilities/26312 •

CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 0

IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header. • http://securitytracker.com/id?1015857 http://www-1.ibm.com/support/docview.wss?uid=swg21053738 http://www.vupen.com/english/advisories/2006/1214 https://exchange.xforce.ibmcloud.com/vulnerabilities/25619 •

CVSS: 6.4EPSS: 0%CPEs: 25EXPL: 0

Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed. • http://securitytracker.com/id?1015716 http://www-1.ibm.com/support/docview.wss?uid=swg21231377 http://www.securityfocus.com/bid/16908 http://www.vupen.com/english/advisories/2006/0788 •

CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 0

IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container. • http://secunia.com/advisories/24478 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24008814 http://www-1.ibm.com/support/docview.wss?uid=swg24013840 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2007/0970 •

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0

IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format. • http://osvdb.org/34177 http://secunia.com/advisories/24478 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24008815 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2007/0970 •