CVSS: 7.1EPSS: 0%CPEs: 59EXPL: 0CVE-2009-0891
https://notcve.org/view.php?id=CVE-2009-0891
25 Mar 2009 — The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks. El componente Web Services Security en IBM WebSphere Application Server v7.0 anterior a Fix Pac... • http://secunia.com/advisories/34131 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 0CVE-2009-0508
https://notcve.org/view.php?id=CVE-2009-0508
16 Mar 2009 — The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console. El componente Servlet Engine/Web Container en IBM WebSphere Application Server (WAS) v5.1.0, v5.1.1.19, v... • http://secunia.com/advisories/34283 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 25EXPL: 0CVE-2009-0856
https://notcve.org/view.php?id=CVE-2009-0856
09 Mar 2009 — Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Varias vulnerabilidades de tipo Cross-Site Scripting (XSS) en aplicaciones de muestra en IBM WebSphere Application Server (WAS) versión 6.0.2 anteriores a 6.0.2.35, y versión 6.1 anterior a 6.1.0.23 en z/OS, permiten a atacantes remotos inyectar script... • http://securitytracker.com/id?1021811 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 27%CPEs: 25EXPL: 2CVE-2009-0855 – IBM Websphere Application Server 6.1/7.0 - Administrative Console Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-0855
09 Mar 2009 — Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados(XSS) en la consola administratica en IBM WebSphere Application Server (WAS) v6.1 anteriores v6.1.0.23 en z/OS, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de v... • https://packetstorm.news/files/id/170073 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.0EPSS: 0%CPEs: 14EXPL: 0CVE-2009-0506
https://notcve.org/view.php?id=CVE-2009-0506
25 Feb 2009 — Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks. Vulnerabilidad sin especificar en IBM WebSphere Application Server (WAS) v5.1 y v6.0.2 anterior a v6.0.2.33 sobre z/OS, cuando está... • http://www-01.ibm.com/support/docview.wss?uid=swg27006876 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0504
https://notcve.org/view.php?id=CVE-2009-0504
17 Feb 2009 — WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message. WSPolicy en el componente Web Services en IBM WebSphere Application Server (WAS) v7.0.x anterior a v7.0.0.1 no reconoce adecuadamente la propiedad de vínculo IDAssertion.isUsed, lo que permite a usuarios locales descubrir una contraseña leyendo un mensaje SOAP. • http://www-01.ibm.com/support/docview.wss?uid=swg27014463 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 12EXPL: 0CVE-2008-4285
https://notcve.org/view.php?id=CVE-2008-4285
17 Feb 2009 — Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, when a component statistic is enabled, allows attackers to cause a denial of service (daemon crash) via vectors related to "a gradual degradation in performance." Vulnerabilidad sin especificar en la característica Performance Monitoring Infrastructure (PMI) en el componente Servlet Engine/Web Container en IBM WebS... • http://www-01.ibm.com/support/docview.wss?uid=swg24019260 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 46EXPL: 0CVE-2008-4283
https://notcve.org/view.php?id=CVE-2008-4283
10 Feb 2009 — CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en el componente WebContainer en IBM WebSphere Application Server (WAS) v5.1.1.19 y versiones anteriores a v5.1.x, permite a atacantes remotos inyectar cabeceras HTTP de su elección y llevar a cabo ataques de separac... • http://www-1.ibm.com/support/docview.wss?uid=isg1SE35864 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2009-0432
https://notcve.org/view.php?id=CVE-2009-0432
10 Feb 2009 — The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors. El proceso de instalación en File Transfer servlet en el componente System Management/Repository en IBM WebSphere Application Server (WAS) v6.1.x anteriores a v6.1.0.19 no activa la versión segura, lo que permite a atacantes... • http://www-01.ibm.com/support/docview.wss?uid=swg27007951 • CWE-16: Configuration •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0438
https://notcve.org/view.php?id=CVE-2009-0438
10 Feb 2009 — IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412. IBM WebSphere Application Server (WAS) 7 anterior a v7.0.0.1 para Windows; permite a atacantes remotos evitar las "comprobaciones de Autenticación" y obtener información sensible de páginas JSP a través de una solicitud manipulada. NOTA: Puede que esta vulnerabi... • http://www-01.ibm.com/support/docview.wss?uid=swg27014463 • CWE-264: Permissions, Privileges, and Access Controls •