CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1316
https://notcve.org/view.php?id=CVE-2011-1316
08 Mar 2011 — The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages. El proxy Session Initiation Protocol (SIP) en el componente de transporte HTTP de IBM WebSphere Application Server (WAS) antes de v7.0.0.15 permite a atacantes remotos provocar una denegación de servicio (agotamiento de los hilo de trabajo y c... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM23115 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1315
https://notcve.org/view.php?id=CVE-2011-1315
08 Mar 2011 — Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call. Pérdida de memoria en el motor de mensajería de IBM WebSphere Application Server (WAS) antes de v7.0.0.15 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de conexiones de red asociados con un valor de ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM23626 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1314
https://notcve.org/view.php?id=CVE-2011-1314
08 Mar 2011 — The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager. El motor de mensajería Service Integration Bus (SIB) de IBM WebSphere Application Server (WAS) antes de v7.0.0.15 permite a atacantes remotos provocar una denegación de servicio (bloqueo del demonio) mediante la realización de las operaciones de cierre a través... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM19834 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1318
https://notcve.org/view.php?id=CVE-2011-1318
08 Mar 2011 — Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted. Pérdida de memoria en org.apache.jasper.runtime.JspWriterImpl.response en el componente JavaServer Pages (JSP) de IBM WebSphere Application Server (WAS) antes de v7.0.0.15 permite a atacantes ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM23029 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1311
https://notcve.org/view.php?id=CVE-2011-1311
08 Mar 2011 — The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service. El componente Security en IBM WebSphere Application Server (WAS) anterior a v7.0.0.15, cuando se usa una aplicación J2EE 1.4, determi... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM25455 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1308
https://notcve.org/view.php?id=CVE-2011-1308
08 Mar 2011 — Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el Installation Verification Test (IVT) en el componente Install en IBM WebSphere Application Server (WAS) anteriores a v7.0.0.15, permite a atacantes remotos iny... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM20393 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1309
https://notcve.org/view.php?id=CVE-2011-1309
08 Mar 2011 — The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors. El componente Plug-in en IBM WebSphere Application Server (WAS) anterior a v7.0.0.15 no maneja adecuadamente las solicitudes de rastreo, lo que tiene un impacto y vectores de ataque no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM22860 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 54EXPL: 0CVE-2010-0779
https://notcve.org/view.php?id=CVE-2010-0779
24 Jun 2010 — Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la consola de administración en IBM WebSphere Application Server (WAS) v6.0 anterior v6.0.2.43, v6.1 anterior v6.1.0.33, y v7.0 anterior v 7.0.0.11 permite a atacantes remotos ... • http://www-1.ibm.com/support/docview.wss?uid=swg1PM09250 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2324
https://notcve.org/view.php?id=CVE-2010-2324
18 Jun 2010 — IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. IBM WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS permite a atacantes remotos efectuar acciones no especificadas de inyección de enlaces a través de vectores desconocidos. • http://secunia.com/advisories/40096 •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2325
https://notcve.org/view.php?id=CVE-2010-2325
18 Jun 2010 — Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados - XSS - en la consola de administración de WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS, permite a los atacantes remotos inyectar arbitrariamente un... • http://secunia.com/advisories/40096 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •