CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1316
https://notcve.org/view.php?id=CVE-2011-1316
08 Mar 2011 — The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages. El proxy Session Initiation Protocol (SIP) en el componente de transporte HTTP de IBM WebSphere Application Server (WAS) antes de v7.0.0.15 permite a atacantes remotos provocar una denegación de servicio (agotamiento de los hilo de trabajo y c... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM23115 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1309
https://notcve.org/view.php?id=CVE-2011-1309
08 Mar 2011 — The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors. El componente Plug-in en IBM WebSphere Application Server (WAS) anterior a v7.0.0.15 no maneja adecuadamente las solicitudes de rastreo, lo que tiene un impacto y vectores de ataque no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM22860 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2011-1313
https://notcve.org/view.php?id=CVE-2011-1313
08 Mar 2011 — Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by requests associated with an ORB_Request::getACRWorkElementPtr function call. Doble vulnerabilidad libre en IBM WebSphere Application Server (WAS) v6.1.0.x antes de v6.1.0.35 y v7.x antes de v7.0.0.15, permite Servidore... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM17170 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1308
https://notcve.org/view.php?id=CVE-2011-1308
08 Mar 2011 — Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el Installation Verification Test (IVT) en el componente Install en IBM WebSphere Application Server (WAS) anteriores a v7.0.0.15, permite a atacantes remotos iny... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM20393 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1307
https://notcve.org/view.php?id=CVE-2011-1307
08 Mar 2011 — The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173. El programa de instalación de IBM WebSphere Application Server (WAS) anterior a v7.0.0.15 utiliza permisos 777 para un directorio de registro temporal, lo que permite a los usuarios locales a tener acceso a los archivos de registro a través d... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM20021 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2011-1310
https://notcve.org/view.php?id=CVE-2011-1310
08 Mar 2011 — The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files. El componente Administrative Scripting Tools en IBM WebSphere Application Server (WAS) v6.1.0.x anterior a v6.1.0.35 y v7.x anterior a v7.0.0.15, cuando el seguimiento e... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM18736 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 30EXPL: 0CVE-2011-1312
https://notcve.org/view.php?id=CVE-2011-1312
08 Mar 2011 — The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role. El componente Administrative Console de IBM WebSphere Application Server (WAS) v6.1.0.x anterior a v6.1.0.31 y v7.x anteriores a v7.0.0.15 no impide que las modificaciones de la id... • http://www-01.ibm.com/support/docview.wss?uid=swg1PK88606 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2011-1317
https://notcve.org/view.php?id=CVE-2011-1317
08 Mar 2011 — Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger large responses. Pérdida de memoria en com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl en el componente JavaServer Pages (JSP) de IBM WebSphere Application Server (WAS) v6.1.0.x antes de v6.1.0.37 y v7.x antes de ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM19500 • CWE-399: Resource Management Errors •
CVSS: 7.4EPSS: 0%CPEs: 32EXPL: 0CVE-2011-1320
https://notcve.org/view.php?id=CVE-2011-1320
08 Mar 2011 — The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation. El componente de seguridad en IBM WebSphere Application Server (WAS) v6.1.0.x antes de v6.1.0.35 y v7.x antes de v7.0.0.15, cuando se utili... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM21536 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 32EXPL: 0CVE-2011-1319
https://notcve.org/view.php?id=CVE-2011-1319
08 Mar 2011 — The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) token for authentication. El componente de seguridad en IBM WebSphere Application Server (WAS) v6.1.0.x antes de v6.1.0.35 y v7.x antes de v7.0.0.15, permite a usuarios autenticados remotamente provocar una denegación de servicio (consumo de memoria) mediant... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM18644 • CWE-399: Resource Management Errors •