
CVSS: 5.0 | EPSS: 1% | CPEs: 13 | EXPL: 0

The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incorrectly encoded data. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM13777 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 https://exchange.xforce.ibmcloud.com/vulnerabilities/62950 • CWE-20: Improper Input Validation •

CVSS: 6.0 | EPSS: 0% | CPEs: 33 | EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. • http://secunia.com/advisories/41722 http://www-01.ibm.com/support/docview.wss?uid=swg1PM18909 http://www-01.ibm.com/support/docview.wss?uid=swg1PM23874 http://www-01.ibm.com/support/docview.wss?uid=swg27004980 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/43875 http://www.vupen.com/english/advisories/2010/2595 https://exchange.xforce.ibmcloud.com/vulnerabilities/62949 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3 | EPSS: 0% | CPEs: 47 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://secunia.com/advisories/41722 http://secunia.com/advisories/42136 http://securitytracker.com/id?1024686 http://www-01.ibm.com/support/docview.wss?uid=swg1PM14251 http://www-01.ibm.com/support/docview.wss?uid=swg27004980 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.osvdb.org/69007 https://exchange.xforce.ibmcloud.com/vulnerabilities/62947 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0 | EPSS: 1% | CPEs: 33 | EXPL: 0

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors. • http://osvdb.org/67570 http://secunia.com/advisories/41173 http://www-01.ibm.com/support/docview.wss?uid=swg1PM08360 http://www-01.ibm.com/support/docview.wss?uid=swg1PM16014 http://www-01.ibm.com/support/docview.wss?uid=swg21443736 http://www-01.ibm.com/support/docview.wss?uid=swg24027708 http://www-01.ibm.com/support/docview.wss? • CWE-20: Improper Input Validation •

CVSS: 7.5 | EPSS: 1% | CPEs: 42 | EXPL: 0

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService. • http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html http://geronimo.apache.org/21x-security-report.html http://geronimo.apache.org/22x-security-report.html http://markmail.org/message/e4yiij7lfexastvl http://secunia.com/advisories/40252 http://secunia.com/advisories/40279 http://secunia.com/advisories/41016 http://secunia.com/advisories/41025 http://www-01.ibm.com/support/docview.wss?uid=swg21433581 http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765 http • CWE-20: Improper Input Validation •