CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2006-2436
https://notcve.org/view.php?id=CVE-2006-2436
WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html http://secunia.com/advisories/20032 http://securityreason.com/securityalert/910 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006881 http://www-1.ibm.com/support/search.wss?rs=0&q=PK17589&apar=only http://www.vupen.com/english/advisories/2006/1736 •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2006-2435
https://notcve.org/view.php?id=CVE-2006-2435
Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls [that] may allow unintended execution of scripts." • http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html http://secunia.com/advisories/20032 http://securityreason.com/securityalert/910 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006879 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006881 http://www-1.ibm.com/support/search.wss?rs=0&q=PK15571&apar=only http://www.vupen.com/english/advisories/2006/1736 http://www.vupen.com/english/advisories/2006/2552 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2434
https://notcve.org/view.php?id=CVE-2006-2434
Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html http://secunia.com/advisories/20032 http://securityreason.com/securityalert/910 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006879 http://www.vupen.com/english/advisories/2006/1736 http://www.vupen.com/english/advisories/2006/2552 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2342
https://notcve.org/view.php?id=CVE-2006-2342
IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root. • http://secunia.com/advisories/20025 http://www-1.ibm.com/support/docview.wss?uid=swg24010245 http://www.osvdb.org/25368 http://www.securityfocus.com/bid/17900 http://www.vupen.com/english/advisories/2006/1724 https://exchange.xforce.ibmcloud.com/vulnerabilities/26312 •
CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 0CVE-2006-1619
https://notcve.org/view.php?id=CVE-2006-1619
IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header. • http://securitytracker.com/id?1015857 http://www-1.ibm.com/support/docview.wss?uid=swg21053738 http://www.vupen.com/english/advisories/2006/1214 https://exchange.xforce.ibmcloud.com/vulnerabilities/25619 •