CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2007-1608
https://notcve.org/view.php?id=CVE-2007-1608
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header. Vulnerabilidad de inyección de retornos de carro y saltos de línea en BM WebSphere Application Server (WAS) versiones anteriores a 6.0.2.19 permite a atacantes remotos inyectar cabeceras HTML de su elección y conducir respuestas HTTP fraccionando ataques mediante una secuencia de retornos de carro y saltos de línea en un contexto que no es una cabecera válida multi-línea. • http://osvdb.org/34484 http://secunia.com/advisories/24552 http://www-1.ibm.com/support/docview.wss?uid=swg1PK39732 http://www.securityfocus.com/bid/23086 http://www.securitytracker.com/id?1017806 http://www.vupen.com/english/advisories/2007/1062 https://exchange.xforce.ibmcloud.com/vulnerabilities/33123 •
CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0CVE-2006-7165
https://notcve.org/view.php?id=CVE-2006-7165
IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs." IBM WebSphere Application Server (WAS) 5.0 hasta 5.1.1.0 permite a atacantes remotos obtener el código fuente JSP y otra información sensible mediante ciertas "URIs especiales". • http://secunia.com/advisories/24478 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24013032 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2007/0970 •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2006-7164
https://notcve.org/view.php?id=CVE-2006-7164
SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests. SimpleFileServlet en IBM WebSphere Application Server 5.0.1 hasta 5.0.2.7 en Linux y UNIX no bloquea determinados URIs inválidos y no emite un desafío de seguridad, lo cual permite a atacantes remotos leer archivos seguros y obtener información sensible mediante determinadas peticiones. • http://www-1.ibm.com/support/docview.wss?uid=swg24013029 •
CVSS: 5.0EPSS: 1%CPEs: 34EXPL: 0CVE-2006-7166
https://notcve.org/view.php?id=CVE-2006-7166
IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL." IBM WebSphere Application Server (WAS) 5.1.1.9 y anteriores permiten a atacantes remotos obtener el código fuente JSP y otra información sensible mediante ciertas "URIs especiales". • http://secunia.com/advisories/24478 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24011720 http://www.securityfocus.com/bid/22991 http://www.vupen.com/english/advisories/2007/0970 •
CVSS: 10.0EPSS: 2%CPEs: 20EXPL: 0CVE-2006-6636
https://notcve.org/view.php?id=CVE-2006-6636
Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors. Vulnerabilidad no especificada en Utility Classes para IBM WebSphere Application Server (WAS) anterior a 5.1.1.13 y 6.x anterior a 6.0.2.17 tiene impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/23386 http://secunia.com/advisories/23414 http://www-1.ibm.com/support/docview.wss?uid=swg1PK29725 http://www-1.ibm.com/support/docview.wss?uid=swg27006876 http://www-1.ibm.com/support/docview.wss?uid=swg27006879 http://www.securityfocus.com/bid/21608 http://www.securityfocus.com/bid/21636 http://www.vupen.com/english/advisories/2006/5017 http://www.vupen.com/english/advisories/2006/5050 https://exchange.xforce.ibmcloud.com/vulnerabilities/30903 •