CVE-2012-3330
https://notcve.org/view.php?id=CVE-2012-3330
The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request. El servidor proxy en IBM WebSphere Application Server v7.0 antes de v7.0.0.27, v8.0 antes de v8.0.0.5 y v8.5 antes de v8.5.0.1 y WebSphere Virtual Enterprise, permite a atacantes remotos provocar una denegación de servicio (parada del demonio) a través de una solicitud modificada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM71319 http://www.ibm.com/support/docview.wss?uid=swg21614265 https://exchange.xforce.ibmcloud.com/vulnerabilities/78047 •
CVE-2012-3304
https://notcve.org/view.php?id=CVE-2012-3304
The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors. La consola de administración de IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.45, v7.0 antes de v7.0.0.25, v8.0 antes de v8.0.0.5, y v8.5 antes de v8.5.0.1 permite a los atacantes remotos secuestrar sesiones a través de vectores no especificados. • http://osvdb.org/85733 http://www-01.ibm.com/support/docview.wss?uid=swg1PM54356 http://www.ibm.com/support/docview.wss?uid=swg21611313 https://exchange.xforce.ibmcloud.com/vulnerabilities/77476 •
CVE-2012-3311
https://notcve.org/view.php?id=CVE-2012-3311
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors. IBM WebSphere Application Server (WAS) v6.1 anteriores a v6.1.0.45, 7.0 anteriores a v7.0.0.25, 8.0 anteriores a v8.0.0.5, y 8.5 anteriores a v8.5.0.1 en z/OS, en ciertas configuraciones que implican Federated Repositories para conexiones IIOP y Optimized Local Adapters, no hacen las comprobaciones CBIND, lo que permite a usuarios locales evitar las restricciones de acceso establecidas, y leer y modificar datos de aplicaciones, a través de vectores no específicos. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388 http://www.ibm.com/support/docview.wss?uid=swg21611313 http://www.securityfocus.com/bid/55671 https://exchange.xforce.ibmcloud.com/vulnerabilities/77697 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-3306
https://notcve.org/view.php?id=CVE-2012-3306
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the authentication cache, which has unspecified impact and remote attack vectors. IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.45, v7.0 antes de v7.0.0.25, v8.0 antes de v8.0.0.5, y v8.5 antes de v8.5.0.1, cuando el soporte multi-dominio está configurado, no elimina la contraseña de la caché de autenticación, lo cual tiene un impacto no especificado y vectores de ataque remotos. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM66514 http://www.ibm.com/support/docview.wss?uid=swg21611313 https://exchange.xforce.ibmcloud.com/vulnerabilities/77478 • CWE-255: Credentials Management Errors •
CVE-2012-3305
https://notcve.org/view.php?id=CVE-2012-3305
Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file. Vulnerabilidad de salto de directorio en IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.47, v7.0 antes de v7.0.0.25, v8.0 antes de v8.0.0.5, y v8.5 antes de v8.5.0.1 e permite a atacantes remotos sobreescribir archivos de su elección a través de un archivo de aplicación modificado. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM62467 http://www.ibm.com/support/docview.wss?uid=swg21611313 https://exchange.xforce.ibmcloud.com/vulnerabilities/77477 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •