CVE-2012-3293
https://notcve.org/view.php?id=CVE-2012-3293
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a cross-frame scripting (XFS) issue. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la consola de administración en IBM WebSphere Application Server (WAS) v6.1.x anterior a v6.1.0.45, v7.0.x anterior a v7.0.0.25, v8.0.x anterior a v8.0.0.4, y v8.5.x anterior a v8.5.0.1 que permite a atacantes remotos inyectar código web o html arbitrario a través de vectores que involucran elementos (FRAME), relacionados con un problema ejecución de código en marcos cruzados (cross-frame scripting) (XFS). • http://www-01.ibm.com/support/docview.wss?uid=swg1PM60839 http://www-01.ibm.com/support/docview.wss?uid=swg21606096 http://www-01.ibm.com/support/docview.wss?uid=swg27022958 http://www.securityfocus.com/bid/55149 https://exchange.xforce.ibmcloud.com/vulnerabilities/77179 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-2190
https://notcve.org/view.php?id=CVE-2012-2190
IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol. IBM Global Security Kit (aka GSKit), utilizdo en IBM HTTP Server en IBM WebSphere Application Server (WAS) v6.1.x anterior a v6.1.0.45, v7.0.x anterior a v7.0.0.25, v8.0.x anterior a v8.0.0.4, y v8.5.x anterior a v8.5.0.1, permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de un mensaje (ClientHello) manipulado in el protocolo (TLS Handshake). • http://www-01.ibm.com/support/docview.wss?uid=swg1PM66218 http://www-01.ibm.com/support/docview.wss?uid=swg21606096 https://exchange.xforce.ibmcloud.com/vulnerabilities/75994 • CWE-310: Cryptographic Issues •
CVE-2012-0717
https://notcve.org/view.php?id=CVE-2012-0717
IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors. IBM WebSphere Application Server v7.0 anterior a v7.0.0.23, cuando se utiliza una cierta configuración de SSLv2 con la autenticación del cliente, permite a atacantes remotos eludir X.509 cliente certificado de autenticación a través de vectores no especificados. • http://www.ibm.com/support/docview.wss?uid=swg1PM52351 http://www.ibm.com/support/docview.wss?uid=swg21595172 • CWE-287: Improper Authentication •
CVE-2012-2170
https://notcve.org/view.php?id=CVE-2012-2170
The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request. La aplicación de Snoop Servlet en IBM WebSphere Application Server v7.0 anterior a v7.0.0.23 no restringe el acceso, permite a atacantes remotos obtener información sensible de los clientes y la solicitud a través de una solicitud directa. • http://www.ibm.com/support/docview.wss?uid=swg1PM56183 http://www.ibm.com/support/docview.wss?uid=swg21595172 https://exchange.xforce.ibmcloud.com/vulnerabilities/75234 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-0720
https://notcve.org/view.php?id=CVE-2012-0720
Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la consola de solución de integración IBM WebSphere Application Server v7.0 anterior a v7.0.0.23 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un URL malicioso. • http://www.ibm.com/support/docview.wss?uid=swg1PM52274 http://www.ibm.com/support/docview.wss?uid=swg21595172 https://exchange.xforce.ibmcloud.com/vulnerabilities/74044 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •