CVE-2013-5407
https://notcve.org/view.php?id=CVE-2013-5407
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue. IBM Sterling B2B Integrator 5.2 y Sterling File Gateway 2.2 no restringen apropiadamente el uso de elementos FRAME, lo cual permite a usuarios remotos autenticados sortear restricciones de acceso u obtener información sensible a través de un sitio web manipulado, relacionado con un problema de "frame injection". • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96057 http://www-01.ibm.com/support/docview.wss?uid=swg21657539 https://exchange.xforce.ibmcloud.com/vulnerabilities/87356 • CWE-20: Improper Input Validation •
CVE-2013-0494
https://notcve.org/view.php?id=CVE-2013-0494
IBM Sterling B2B Integrator 5.0 and 5.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted HTTP (1) Range or (2) Request-Range header. IBM Sterling B2B Integrator v5.0 y v5.1 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y CPU) a través de cabeceras HTTP manipuladas (1) Range o (2) Request-Range. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC82726 http://www-01.ibm.com/support/docview.wss?uid=swg21627989 https://exchange.xforce.ibmcloud.com/vulnerabilities/82009 • CWE-399: Resource Management Errors •
CVE-2013-4002 – OpenJDK: XML parsing Denial of Service (JAXP, 8017298)
https://notcve.org/view.php?id=CVE-2013-4002
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names. XMLscanner.java en Apache Xerces2 Java Parser, en versiones anteriores a la 2.12.0, tal y como se empleó en Java Runtime Environment (JRE) en IBM Java, en versiones 5.0 anteriores a la 5.0 SR16-FP3, 6 anteriores a la 6 SR14, 6.0.1 anteriores a la 6.0.1 SR6 y 7 anteriores a la 7 SR5, así como en Oracle Java SE 7u40 y anteriores, Java SE 6u60 y anteriores, Java SE 5.0u51 y anteriores, JRockit R28.2.8 y anteriores, JRockit R27.7.6 y anteriores, Java SE Embedded 7u40 y anteriores y, posiblemente, otros productos, permite que los atacantes remotos realicen una denegación de servicio (DoS) mediante vectores relacionados con los nombres de atributo XML. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. • https://github.com/tafamace/CVE-2013-4002 http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html http://lists • CWE-20: Improper Input Validation •
CVE-2013-0468
https://notcve.org/view.php?id=CVE-2013-0468
Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-2983. Vulnerabilidad Cross-site scripting (XSS) en IBM Sterling B2B Integrator v5.1 y v5.2 y Sterling File Gateway v2.1 y v2.2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad diferente que CVE-2013-2983. • http://www-01.ibm.com/support/docview.wss?uid=swg21640830 https://exchange.xforce.ibmcloud.com/vulnerabilities/81334 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-0568
https://notcve.org/view.php?id=CVE-2013-0568
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0475, and CVE-2013-0567. IBM Sterling B2B Integrator 5.1 y 5.2 y Sterling File Gateway 2.1 y 2.2, permite a usuarios autenticados remotamente la obtención de información sensible sobre la implementación de la aplicación a través de vectores no especificados. Vulnerabilidad distinta de CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0475, y CVE-2013-0567. • http://www-01.ibm.com/support/docview.wss?uid=swg21640830 https://exchange.xforce.ibmcloud.com/vulnerabilities/83165 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •