CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1CVE-2002-1153
https://notcve.org/view.php?id=CVE-2002-1153
IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host". IBM Websphere 4.0.3 permite a atacantes remotos causar una denegación de servicio (caída), y posiblemente ejecutar código arbitrario mediante una petición HTTP con cabeceras HTTP largas, como "Host". • ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/pq62144/readme.txt http://marc.info/?l=bugtraq&m=103244572803950&w=2 http://www.iss.net/security_center/static/10140.php http://www.osvdb.org/2092 http://www.securityfocus.com/bid/5749 •
CVSS: 4.6EPSS: 0%CPEs: 10EXPL: 0CVE-2001-1189
https://notcve.org/view.php?id=CVE-2001-1189
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script. IBM Websphere Application Server 3.5.3 y versiones anteriores almacenan una contraseña en formato textual en el fichero sas.server.props, lo que permite a usuarios locales la obtención de dicha contraseña mediante una rutina JSP. • http://www.iss.net/security_center/static/7698.php http://www.securityfocus.com/archive/1/245324 http://www.securityfocus.com/bid/3682 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2001-0824
https://notcve.org/view.php?id=CVE-2001-0824
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html http://www.securityfocus.com/bid/2969 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2001-0962
https://notcve.org/view.php?id=CVE-2001-0962
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. • http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html http://www.osvdb.org/5492 http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p https://exchange.xforce.ibmcloud.com/vulnerabilities/7153 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-2001-0389
https://notcve.org/view.php?id=CVE-2001-0389
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument. • http://www.securityfocus.com/archive/1/176100 http://www.securityfocus.com/bid/2587 •