CVE-2014-0859
https://notcve.org/view.php?id=CVE-2014-0859
The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, when POST retries are enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. El plugin servidor web en IBM WebSphere Application Server (WAS) 7.x anterior a 7.0.0.33, 8.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2, cuando reintentos POST están habilitados, permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI08892 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www-01.ibm.com/support/docview.wss?uid=swg21676091 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 http://www.securityfocus.com/bid/67335 https://exchange.xforce.ibmcloud.com/vulnerabilities/90879 •
CVE-2014-0896
https://notcve.org/view.php?id=CVE-2014-0896
IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request. IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x anterior a 8.5.5.2 permite a atacantes remotos obtener información sensible a través de una solicitud manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI10134 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 https://exchange.xforce.ibmcloud.com/vulnerabilities/91326 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-6325
https://notcve.org/view.php?id=CVE-2013-6325
IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint. IBM WebSphere Application Server 7.x anteriores a 7.0.0.31, 8.0.x anteriores a 8.0.0.8 y 8.5.x anteriores a 8.5.5.2 permite a atacantes remotos causar una denegacuón de servicio (consumo de recursos) a través de una petición manipulada al endpoint de servicios web. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM99450 http://www-01.ibm.com/support/docview.wss?uid=swg21661323 http://www-01.ibm.com/support/docview.wss?uid=swg21661325 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 https://exchange.xforce.ibmcloud.com/vulnerabilities/88906 • CWE-20: Improper Input Validation •
CVE-2013-6725
https://notcve.org/view.php?id=CVE-2013-6725
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad cross-site scripting (XSS) en Administrative Console de IBM WebSphere Application Server 7.x anteriores a 7.0.0.31, 8.0.x anteriores a 8.0.0.8, y 8.5.x anteriores a 8.5.5.2 permite a usuarios remotos autenticados inyectar script web o HTML de forma arbitraria a través de una URL manipulada. • http://osvdb.org/102119 http://www-01.ibm.com/support/docview.wss?uid=swg1PM98132 http://www-01.ibm.com/support/docview.wss?uid=swg21661323 http://www-01.ibm.com/support/docview.wss?uid=swg21661325 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www.securityfocus.com/bid/65099 https://exchange.xforce.ibmcloud.com/vulnerabilities/89280 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-5414
https://notcve.org/view.php?id=CVE-2013-5414
The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation. La funcionalidad de migración en IBM WebSphere Application Server (WAS) 7.0 antes 7.0.0.31, 8.0 antes 8.0.0.8, y 8.5 antes de 8.5.5.1 no soporta adecuadamente la distinción entre el rol de administrador y el rol adminsecmanager, que permite a usuarios remotos autenticados obtener privilegios en circunstancias oportunistas accedediendo a los recursos en medio de una migración y una evaluación de role • http://www-01.ibm.com/support/docview.wss?&uid=swg21651880 http://www-01.ibm.com/support/docview.wss?uid=swg1PM92313 https://exchange.xforce.ibmcloud.com/vulnerabilities/87476 • CWE-264: Permissions, Privileges, and Access Controls •