Page 57 of 327 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0

SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests. SimpleFileServlet en IBM WebSphere Application Server 5.0.1 hasta 5.0.2.7 en Linux y UNIX no bloquea determinados URIs inválidos y no emite un desafío de seguridad, lo cual permite a atacantes remotos leer archivos seguros y obtener información sensible mediante determinadas peticiones. • http://www-1.ibm.com/support/docview.wss?uid=swg24013029 •

CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0

IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs." IBM WebSphere Application Server (WAS) 5.0 hasta 5.1.1.0 permite a atacantes remotos obtener el código fuente JSP y otra información sensible mediante ciertas "URIs especiales". • http://secunia.com/advisories/24478 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24013032 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2007/0970 •

CVSS: 5.0EPSS: 1%CPEs: 34EXPL: 0

IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL." IBM WebSphere Application Server (WAS) 5.1.1.9 y anteriores permiten a atacantes remotos obtener el código fuente JSP y otra información sensible mediante ciertas "URIs especiales". • http://secunia.com/advisories/24478 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24011720 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2007/0970 •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests." El motor de Servlets y el contenedor Web en IBM WebSphere Application Server (WAS) anterior a 6.0.2.17 permite a atacantes remotos leer el código fuente de ficheros JSP y obtener información sensible mediante vectores no especificados. • http://secunia.com/advisories/23414 http://secunia.com/advisories/24478 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24015155 http://www-1.ibm.com/support/docview.wss?uid=swg27006876 http://www.securityfocus.com/bid/21636 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2006/5050 http://www.vupen.com/english/advisories/2007/0970 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 2%CPEs: 20EXPL: 0

Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors. Vulnerabilidad no especificada en Utility Classes para IBM WebSphere Application Server (WAS) anterior a 5.1.1.13 y 6.x anterior a 6.0.2.17 tiene impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/23386 http://secunia.com/advisories/23414 http://www-1.ibm.com/support/docview.wss?uid=swg1PK29725 http://www-1.ibm.com/support/docview.wss?uid=swg27006876 http://www-1.ibm.com/support/docview.wss?uid=swg27006879 http://www.securityfocus.com/bid/21608 http://www.securityfocus.com/bid/21636 http://www.vupen.com/english/advisories/2006/5017 http://www.vupen.com/english/advisories/2006/5050 https://exchange.xforce.ibmcloud.com/vulnerabilities/30903 •