Page 50 of 381 results (0.061 seconds)

CVSS: 4.3EPSS: 1%CPEs: 55EXPL: 0

mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload. mod_ibm_ssl en IBM HTTP Server v6.0 anteriores a v6.0.2.43, v6.1 anteriores a v6.1.0.33, y v7.0 anteriores a v7.0.0.11, como las utilizadas en IBM WebSphere Application Server (WAS) en z/OS, no gestionan de forma adecuada los body largos en las peticiones HTTP en las subidas sobre SSL, lo que podría permitir a atacantes remotos provocar una denegación de servicio (fallo del demonio) a través de una subida. • http://secunia.com/advisories/40096 http://www-01.ibm.com/support/docview.wss?uid=swg1PM10270 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830 http://www.osvdb.org/65439 http://www.vupen.com/english/advisories/2010/1411 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. IBM WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS permite a atacantes remotos efectuar acciones no especificadas de inyección de enlaces a través de vectores desconocidos. • http://secunia.com/advisories/40096 http://www-01.ibm.com/support/docview.wss?uid=swg1PM09250 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829 http://www.vupen.com/english/advisories/2010/1411 •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression. El HTTP Channel en IBM WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 permite a atacantes remotos provocar una denegación de servicio ( NullPointerException) a través de una gran cantidad de datos truncados que utilicen la compresión gzip. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM08894 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829 •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados - XSS - en la consola de administración de WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS, permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través de vectores no especificados, relativos en parte a "inyección URL". • http://secunia.com/advisories/40096 http://www-01.ibm.com/support/docview.wss?uid=swg1PM11778 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830 http://www.vupen.com/english/advisories/2010/1411 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 76EXPL: 0

The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors. La implementaciones (1) JAX-RPC WS-Security v1.0 y (2) JAX-WS en IBM WebSphere Application Server (WAS) v6.0 anteriores a v6.0.2.41, v6.1 anteriores a v6.1.0.31, y v7.0 anteriores a v7.0.0.11 no manejan de forma adecuada los elementos WebServices PKCS#7 and PKIPath, lo que permite a usuarios remotos saltarse las restricciones de acceso a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PK96427 https://exchange.xforce.ibmcloud.com/vulnerabilities/58554 • CWE-264: Permissions, Privileges, and Access Controls •