CVE-2014-4819
https://notcve.org/view.php?id=CVE-2014-4819
The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the error page. La interfaz web de usuario en IBM WebSphere Message Broker 8.0 anterior a 8.0.0.6 e IBM Integration Bus 9.0 anterior a 9.0.0.3 permite a usuarios autenticados remotos obtener información sensible leyendo la página de error. • http://secunia.com/advisories/61356 http://www-01.ibm.com/support/docview.wss?uid=swg1IT03097 http://www-01.ibm.com/support/docview.wss?uid=swg21682681 https://exchange.xforce.ibmcloud.com/vulnerabilities/95456 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-5372 – JDK: XML4J xml entity expansion excessive memory use (XML)
https://notcve.org/view.php?id=CVE-2013-5372
The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities. El parseador XML4J en IBM WebSphere Message Broker 6.1 antes 6.1.0.12, 7.0 antes 7.0.0.7 y 8.0.0.4 y 8.0 antes de IBM Integration Bus 9.0 antes 9.0.0.1 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un documento XML manipulado que provoca la expansión de muchas entidades. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2013-1507.html http://rhn.redhat.com/errata/RHSA-2013-1508.html http://rhn.redhat.com/errata/RHSA-2013-1509.html http://rhn.redhat.com/errata/RHSA-2013-1793.html http://secunia.com/advisories/56338 http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473 http://www-01.ibm.com/support/docview.wss?uid=swg21653087 http://www-01.ibm.com/support/docview.wss?uid • CWE-399: Resource Management Errors •
CVE-2013-0482
https://notcve.org/view.php?id=CVE-2013-0482
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489. IBM WebSphere Application Server (WAS) 7.0 anterior a 7.0.0.29, 8.0 anterior a 8.0.0.6, y 8.5 a la 8.5.0.2 y WebSphere Message Broker 6.1, 7.0 a la 7.0.0.5, y 8.0 a la 8.0.0.2, cuando se usa WS-Security, permite a atacantes remotos suplantar las firmas de los mensajes a través de mensajes SOAP manipulados relacionado con "Signature Wrap attack," vulnerabilidad distinta de CVE-2011-1377 y CVE-2013-0489. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC88185 http://www-01.ibm.com/support/docview.wss?uid=swg1PM76582 http://www-01.ibm.com/support/docview.wss?uid=swg1PM86026 http://www-01.ibm.com/support/docview.wss?uid=swg21634646 http://www-01.ibm.com/support/docview.wss? •
CVE-2012-5953
https://notcve.org/view.php?id=CVE-2012-5953
IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, when the Parse Query Strings option is enabled on an HTTPInput node, allows remote attackers to cause a denial of service (infinite loop) via a crafted query string. IBM WebSphere Message Broker v6.1 antes v6.1.0.12, v7,0 antes de v7.0.0.6 y 8,0 antes de 8.0.0.2, cuando la opción de análisis de cadenas está habilitada en un nodo HTTPInput, permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una cadena de consulta hecha a mano . • http://www-01.ibm.com/support/docview.wss?uid=swg1PM75015 http://www-01.ibm.com/support/docview.wss?uid=swg21623316 https://exchange.xforce.ibmcloud.com/vulnerabilities/80667 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-0466
https://notcve.org/view.php?id=CVE-2013-0466
Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject arbitrary web script or HTML via a wsdl request that is not properly handled during construction of an error message. Cross-site scripting (XSS) en WebSphere Message Broker IBM v7,0 antes de v7.0.0.6 y v8,0 antes de v8.0.0.2 antes, cuando el soporte wsdl está habilitada en un nodo SOAPInput, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una solicitud wsdl que no se maneja adecuadamente durante la construcción de un mensaje de error. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC89383 http://www-01.ibm.com/support/docview.wss?uid=swg21623316 https://exchange.xforce.ibmcloud.com/vulnerabilities/81062 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •