Page 33 of 206 results (0.014 seconds)

CVSS: 5.0EPSS: 1%CPEs: 34EXPL: 0

IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL." IBM WebSphere Application Server (WAS) 5.1.1.9 y anteriores permiten a atacantes remotos obtener el código fuente JSP y otra información sensible mediante ciertas "URIs especiales". • http://secunia.com/advisories/24478 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24011720 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2007/0970 •

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0

SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests. SimpleFileServlet en IBM WebSphere Application Server 5.0.1 hasta 5.0.2.7 en Linux y UNIX no bloquea determinados URIs inválidos y no emite un desafío de seguridad, lo cual permite a atacantes remotos leer archivos seguros y obtener información sensible mediante determinadas peticiones. • http://www-1.ibm.com/support/docview.wss?uid=swg24013029 •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests." El motor de Servlets y el contenedor Web en IBM WebSphere Application Server (WAS) anterior a 6.0.2.17 permite a atacantes remotos leer el código fuente de ficheros JSP y obtener información sensible mediante vectores no especificados. • http://secunia.com/advisories/23414 http://secunia.com/advisories/24478 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24015155 http://www-1.ibm.com/support/docview.wss?uid=swg27006876 http://www.securityfocus.com/bid/21636 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2006/5050 http://www.vupen.com/english/advisories/2007/0970 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 2%CPEs: 20EXPL: 0

Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors. Vulnerabilidad no especificada en Utility Classes para IBM WebSphere Application Server (WAS) anterior a 5.1.1.13 y 6.x anterior a 6.0.2.17 tiene impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/23386 http://secunia.com/advisories/23414 http://www-1.ibm.com/support/docview.wss?uid=swg1PK29725 http://www-1.ibm.com/support/docview.wss?uid=swg27006876 http://www-1.ibm.com/support/docview.wss?uid=swg27006879 http://www.securityfocus.com/bid/21608 http://www.securityfocus.com/bid/21636 http://www.vupen.com/english/advisories/2006/5017 http://www.vupen.com/english/advisories/2006/5050 https://exchange.xforce.ibmcloud.com/vulnerabilities/30903 •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors. IBM WebSphere Application Server 6.1.0 anterior al Fix Pack 3 (6.1.0.3) no realiza las comprobaciones de autenticación EAL4 en el momento adecuado durante el "registro de la operación de respuesta", lo cual tiene impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/23028 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013830 http://www-1.ibm.com/support/docview.wss?uid=swg27007951 http://www-1.ibm.com/support/search.wss?rs=0&q=PK29847&apar=only http://www.securityfocus.com/bid/21204 http://www.vupen.com/english/advisories/2006/4639 •