CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2324
https://notcve.org/view.php?id=CVE-2010-2324
18 Jun 2010 — IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. IBM WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS permite a atacantes remotos efectuar acciones no especificadas de inyección de enlaces a través de vectores desconocidos. • http://secunia.com/advisories/40096 •
CVSS: 7.5EPSS: 1%CPEs: 55EXPL: 0CVE-2010-2327
https://notcve.org/view.php?id=CVE-2010-2327
18 Jun 2010 — mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload. mod_ibm_ssl en IBM HTTP Server v6.0 anteriores a v6.0.2.43, v6.1 anteriores a v6.1.0.33, y v7.0 anteriores a v7.0.0.11, como las utilizadas en IBM WebSphere Application Server (WAS) en z/O... • http://secunia.com/advisories/40096 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0CVE-2010-0775
https://notcve.org/view.php?id=CVE-2010-0775
17 May 2010 — Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components. Vulnerabilidad no específica en IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 permite a atacantes remotos provocar una denegación de servicio (co... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM05663 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0CVE-2010-0776
https://notcve.org/view.php?id=CVE-2010-0776
17 May 2010 — The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request. El Web Container en IBM WebSphere Application Server (WAS) v6.0 anteriores a v6.0.2.43, v6.1 anteriores a v6.1.0.31, y v7.0 anteriores a v7.0.0.11 no maneja de forma adecuada la codificación de transferencias fragment... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM08760 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0CVE-2010-0777
https://notcve.org/view.php?id=CVE-2010-0777
17 May 2010 — The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file. El Web Container en IBM WebSphere Application Server (WAS) v6.0 anteriores a v6.0.2.43, v6.1 anteriores a v6.1.0.31, y v7.0 anteriores a v7.0.0.11 no maneja de forma adecuada los nombres de fic... • http://secunia.com/advisories/39838 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 76EXPL: 0CVE-2010-0774
https://notcve.org/view.php?id=CVE-2010-0774
17 May 2010 — The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors. La implementaciones (1) JAX-RPC WS-Security v1.0 y (2) JAX-WS en IBM WebSphere Application Server (WAS) v6.0 anteriores a v6.0.2.41, v6.1 anteriores a v6.1.0.31, y v7.0 anterior... • http://www-01.ibm.com/support/docview.wss?uid=swg1PK96427 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 94EXPL: 0CVE-2010-1650
https://notcve.org/view.php?id=CVE-2010-1650
30 Apr 2010 — IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output. IBM WebSphere Application Server (WAS) v6.0.x antes de v6.0.2.41, v6.1.x antes de v6.1.0.31 y v7.0.x antes de v7.0.0.11, cuando la opción -trace (esto es, el modo de depura... • http://secunia.com/advisories/39628 • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 48EXPL: 0CVE-2010-0770
https://notcve.org/view.php?id=CVE-2010-0770
01 Apr 2010 — IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake. IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 permite a atacantes remotos autenticados provocar una denegación de servicio (cuelgue del ORB ListenerThread) al abortar u... • http://secunia.com/advisories/39140 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 48EXPL: 0CVE-2010-0769
https://notcve.org/view.php?id=CVE-2010-0769
01 Apr 2010 — IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file. IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 no define de manera apropiada los objetos J2CCon... • http://secunia.com/advisories/39140 • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 43EXPL: 0CVE-2010-0768
https://notcve.org/view.php?id=CVE-2010-0768
01 Apr 2010 — Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la Consola de Administración en IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a l... • http://secunia.com/advisories/39140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •