CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2008-5412
https://notcve.org/view.php?id=CVE-2008-5412
10 Dec 2008 — Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438. Una vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) versiones 7 y anteriores a 7.0.0.1 en Windows, presenta un impacto y vectores de ataque desconocidos relacionados con JSP. • http://secunia.com/advisories/33022 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5413
https://notcve.org/view.php?id=CVE-2008-5413
10 Dec 2008 — PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434. PerfServlet en el componente PMI/Performance Tools en IBM WebSphere Application Server (WAS) versiones 7 anteriores a 7.0.0.1, permite a los atacantes obtener información confidencial mediante la lectura de los archivos (1) systemout.log y (2) ffd... • http://www-01.ibm.com/support/docview.wss?uid=swg27014463 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0CVE-2008-2550
https://notcve.org/view.php?id=CVE-2008-2550
04 Jun 2008 — Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header. Vulnerabilidad sin especificar del componente Web Services Security en Web Services Security (WAS) versiones 6.1 anteriores a la 6.1.0.17 tiene un impacto desconocido y vectores de ataque relacionados con un atributo de la cabecera de seguridad SOAP. • http://secunia.com/advisories/30526 •
CVSS: 10.0EPSS: 1%CPEs: 40EXPL: 0CVE-2008-0389
https://notcve.org/view.php?id=CVE-2008-0389
23 Jan 2008 — Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors. Una vulnerabilidad no especificada en la función serveServletsByClassnameEnabled en IBM WebSphere Application Server (WAS) versiones 6.0 hasta 6.0.2.25, versiones 6.1 hasta 6.1.0.14 y versiones 5.1.1.x anteriores a 5.1.1.18, presenta un impacto desconocido y vectores de ataque. • http://secunia.com/advisories/28576 •
CVSS: 10.0EPSS: 1%CPEs: 9EXPL: 0CVE-2007-6679
https://notcve.org/view.php?id=CVE-2007-6679
10 Jan 2008 — Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected. Una vulnerabilidad no especificada en la Consola Administrativa en IBM WebSphere Application Server versión 6.1 anterior a Fix Pack 13, presenta vectores de ataques e impactos desconocidos, relacionados a "security concerns wi... • http://secunia.com/advisories/28588 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5798
https://notcve.org/view.php?id=CVE-2007-5798
03 Nov 2007 — Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el uddigui/navigateTree.do de la consola de usuario UDDI en el Servidor de Aplicaciones WebSphere de I... • http://osvdb.org/41618 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5799
https://notcve.org/view.php?id=CVE-2007-5799
03 Nov 2007 — Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. Múltiples vulnerabilidades en la falsificación de petición en sitios cruzados (CSRF) en el uddigui/navigateTree.do de la consola de usuario UDDI en el Servidor de Aplicacion... • http://osvdb.org/41619 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4833
https://notcve.org/view.php?id=CVE-2007-4833
12 Sep 2007 — Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK44789. Vulnerabilidad no especificada en el componente Edge en IBM WebSphere Application Server (WAS) 6.1 anterior a Fix Pack 11 (6.1.0.11) tiene un impacto desconocido y vectores de ataque, también conocido como PK44789. • http://osvdb.org/41617 •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2007-3397
https://notcve.org/view.php?id=CVE-2007-3397
26 Jun 2007 — The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information. El contenedor web en IBM WebSphere Application Server (WAS) anterior a 6.0.2.21, y 6.1.x anterior a 6.1.0.9, envía los datos de respuesta previstos para una petición diferente en ciertas circunstancias después de un error de cierr... • http://osvdb.org/41644 •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3262
https://notcve.org/view.php?id=CVE-2007-3262
19 Jun 2007 — Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak. Vulnerabilidad no especificada en en el componente Default Messaging Component de IBM WebSphere Application Server(WAS) 6.1.0.7 y anteriores permite a atacantes remotos provocar una denegación de servicio relacionado con u... • http://osvdb.org/41614 •