CVSS: 10.0EPSS: 2%CPEs: 33EXPL: 0CVE-2009-1899
https://notcve.org/view.php?id=CVE-2009-1899
03 Jun 2009 — Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via unknown use of the wsadmin scripting tool, related to a "security exposure in wsadmin." Vulnerabilidad sin especificar en el componente Management/Repository en IBM WebSphere Application Server (WAS) v6.0.2 anteri... • http://secunia.com/advisories/35301 •
CVSS: 7.5EPSS: 1%CPEs: 34EXPL: 0CVE-2009-0508
https://notcve.org/view.php?id=CVE-2009-0508
16 Mar 2009 — The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console. El componente Servlet Engine/Web Container en IBM WebSphere Application Server (WAS) v5.1.0, v5.1.1.19, v... • http://secunia.com/advisories/34283 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 14EXPL: 0CVE-2009-0506
https://notcve.org/view.php?id=CVE-2009-0506
25 Feb 2009 — Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks. Vulnerabilidad sin especificar en IBM WebSphere Application Server (WAS) v5.1 y v6.0.2 anterior a v6.0.2.33 sobre z/OS, cuando está... • http://www-01.ibm.com/support/docview.wss?uid=swg27006876 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0504
https://notcve.org/view.php?id=CVE-2009-0504
17 Feb 2009 — WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message. WSPolicy en el componente Web Services en IBM WebSphere Application Server (WAS) v7.0.x anterior a v7.0.0.1 no reconoce adecuadamente la propiedad de vínculo IDAssertion.isUsed, lo que permite a usuarios locales descubrir una contraseña leyendo un mensaje SOAP. • http://www-01.ibm.com/support/docview.wss?uid=swg27014463 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 73EXPL: 0CVE-2009-0433
https://notcve.org/view.php?id=CVE-2009-0433
10 Feb 2009 — Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash) via unknown vectors, related to a mishandling of client read failures in which clients receive many 500 HTTP error responses and backend servers are incorrectly labeled as down. Vulnerabilidad no especificada en IBM WebSphere Aplication Server (WAS) v5.1.x... • http://www-01.ibm.com/support/docview.wss?uid=swg1PK67161 •
CVSS: 10.0EPSS: 0%CPEs: 46EXPL: 0CVE-2008-4283
https://notcve.org/view.php?id=CVE-2008-4283
10 Feb 2009 — CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en el componente WebContainer en IBM WebSphere Application Server (WAS) v5.1.1.19 y versiones anteriores a v5.1.x, permite a atacantes remotos inyectar cabeceras HTTP de su elección y llevar a cabo ataques de separac... • http://www-1.ibm.com/support/docview.wss?uid=isg1SE35864 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 109EXPL: 0CVE-2008-4284
https://notcve.org/view.php?id=CVE-2008-4284
10 Feb 2009 — Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature. Vulnerabilidad de redirección abierta en ibm_security_logout servlet en IBM WebSphere Application Server (WAS) v5.1.1.19 y anteriores a las versiones v5.x, v6.0.x anterior a v6.0.2.33, y v6.1.x ant... • http://www-1.ibm.com/support/docview.wss?uid=swg21320242 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5411
https://notcve.org/view.php?id=CVE-2008-5411
10 Dec 2008 — IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. IBM WebSphere Application Server (WAS) 7 y versiones anteriores 7.0.0.1 que envía tráfico SSL sobre "TCP inseguro", el cual hace más fácil para usuarios remotos obtener información sensible, rastreando la red. • http://secunia.com/advisories/33022 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2008-5412
https://notcve.org/view.php?id=CVE-2008-5412
10 Dec 2008 — Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438. Una vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) versiones 7 y anteriores a 7.0.0.1 en Windows, presenta un impacto y vectores de ataque desconocidos relacionados con JSP. • http://secunia.com/advisories/33022 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5413
https://notcve.org/view.php?id=CVE-2008-5413
10 Dec 2008 — PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434. PerfServlet en el componente PMI/Performance Tools en IBM WebSphere Application Server (WAS) versiones 7 anteriores a 7.0.0.1, permite a los atacantes obtener información confidencial mediante la lectura de los archivos (1) systemout.log y (2) ffd... • http://www-01.ibm.com/support/docview.wss?uid=swg27014463 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •