
CVE-2012-0193
https://notcve.org/view.php?id=CVE-2012-0193
20 Jan 2012 — IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. • http://osvdb.org/78321 • CWE-20: Improper Input Validation

CVE-2011-1376
https://notcve.org/view.php?id=CVE-2011-1376
19 Jan 2012 — iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations. • http://www-01.ibm.com/support/docview.wss?uid=swg21569205 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2011-1362
https://notcve.org/view.php?id=CVE-2011-1362
15 Jan 2012 — Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1308. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM40733 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-1377
https://notcve.org/view.php?id=CVE-2011-1377
15 Jan 2012 — The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors. • http://secunia.com/advisories/46469

CVE-2011-5065
https://notcve.org/view.php?id=CVE-2011-5065
15 Jan 2012 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging. • http://secunia.com/advisories/46469 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-5066
https://notcve.org/view.php?id=CVE-2011-5066
15 Jan 2012 — The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM36685 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2009-2747
https://notcve.org/view.php?id=CVE-2009-2747
30 Oct 2011 — The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call. • http://www.ibm.com/support/docview.wss?uid=swg1PK91414 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2009-2748
https://notcve.org/view.php?id=CVE-2009-2748
30 Oct 2011 — Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://www.ibm.com/support/docview.wss?uid=swg1PK92057 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-1359
https://notcve.org/view.php?id=CVE-2011-1359
06 Sep 2011 — Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. • http://secunia.com/advisories/45749 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2011-1355
https://notcve.org/view.php?id=CVE-2011-1355
19 Jul 2011 — Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter. • http://www.ibm.com/support/docview.wss?uid=swg1PM35701 • CWE-20: Improper Input Validation