CVE-2003-1447
https://notcve.org/view.php?id=CVE-2003-1447
IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML. • http://securityreason.com/securityalert/3277 http://www.securityfocus.com/archive/1/310118 http://www.securityfocus.com/archive/1/310796 http://www.securityfocus.com/bid/6758 https://exchange.xforce.ibmcloud.com/vulnerabilities/11245 • CWE-310: Cryptographic Issues •
CVE-2002-1153
https://notcve.org/view.php?id=CVE-2002-1153
IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host". IBM Websphere 4.0.3 permite a atacantes remotos causar una denegación de servicio (caída), y posiblemente ejecutar código arbitrario mediante una petición HTTP con cabeceras HTTP largas, como "Host". • ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/pq62144/readme.txt http://marc.info/?l=bugtraq&m=103244572803950&w=2 http://www.iss.net/security_center/static/10140.php http://www.osvdb.org/2092 http://www.securityfocus.com/bid/5749 •
CVE-2001-1189
https://notcve.org/view.php?id=CVE-2001-1189
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script. IBM Websphere Application Server 3.5.3 y versiones anteriores almacenan una contraseña en formato textual en el fichero sas.server.props, lo que permite a usuarios locales la obtención de dicha contraseña mediante una rutina JSP. • http://www.iss.net/security_center/static/7698.php http://www.securityfocus.com/archive/1/245324 http://www.securityfocus.com/bid/3682 •
CVE-2001-0824
https://notcve.org/view.php?id=CVE-2001-0824
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html http://www.securityfocus.com/bid/2969 •
CVE-2001-0962
https://notcve.org/view.php?id=CVE-2001-0962
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. • http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html http://www.osvdb.org/5492 http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p https://exchange.xforce.ibmcloud.com/vulnerabilities/7153 •