CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1309
https://notcve.org/view.php?id=CVE-2011-1309
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors. El componente Plug-in en IBM WebSphere Application Server (WAS) anterior a v7.0.0.15 no maneja adecuadamente las solicitudes de rastreo, lo que tiene un impacto y vectores de ataque no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM22860 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/46736 http://www.vupen.com/english/advisories/2011/0564 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1318
https://notcve.org/view.php?id=CVE-2011-1318
Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted. Pérdida de memoria en org.apache.jasper.runtime.JspWriterImpl.response en el componente JavaServer Pages (JSP) de IBM WebSphere Application Server (WAS) antes de v7.0.0.15 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) mediante el acceso a una aplicación JSP que es detenida y reiniciada varias veces. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM23029 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 • CWE-399: Resource Management Errors •
CVSS: 2.1EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1307
https://notcve.org/view.php?id=CVE-2011-1307
The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173. El programa de instalación de IBM WebSphere Application Server (WAS) anterior a v7.0.0.15 utiliza permisos 777 para un directorio de registro temporal, lo que permite a los usuarios locales a tener acceso a los archivos de registro a través de operaciones de sistema de archivos estándar, una vulnerabilidad diferente de CVE-2009-1173. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM20021 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/46736 http://www.vupen.com/english/advisories/2011/0564 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1032
https://notcve.org/view.php?id=CVE-2011-1032
IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. IBM Lotus Connections v3.0, cuando IBM WebSphere Application Server v7.0.0.11 es usada, no restringe adecuadamente el acceso al módulo de login interno, que tiene un impacto no especificado y vectores de ataque. • http://osvdb.org/70931 http://secunia.com/advisories/43298 http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565 http://www.ibm.com/support/docview.wss?uid=swg21462435 http://www.vupen.com/english/advisories/2011/0382 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2323
https://notcve.org/view.php?id=CVE-2010-2323
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT. IBM WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS podría permitir a atacantes, obtener información sensible leyendo el fichero default_create.log, que está asociado con la creación de perfiles por los trabajos BBOWWPFx y zPMT. • http://secunia.com/advisories/40096 http://www-01.ibm.com/support/docview.wss?uid=swg1PM10454 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830 http://www.vupen.com/english/advisories/2010/1411 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •