CVE-2009-1898
https://notcve.org/view.php?id=CVE-2009-1898
The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network. la página de "secure login" en el componente Administrative console en IBM WebSphere Application Server (WAS)v6.0.2 anterior a v6.0.2.35 no redirecciona a una página https hasta que recibe una petición http, lo que facilita a atacantes remotos la lectura de los contenidos de las sesiones WAS capturando paquetes de la red. • http://secunia.com/advisories/35301 http://www-01.ibm.com/support/docview.wss?uid=swg27006876 http://www-1.ibm.com/support/docview.wss?uid=swg1PK77010 http://www.securityfocus.com/bid/35405 http://www.vupen.com/english/advisories/2009/1464 https://exchange.xforce.ibmcloud.com/vulnerabilities/51170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-0504
https://notcve.org/view.php?id=CVE-2009-0504
WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message. WSPolicy en el componente Web Services en IBM WebSphere Application Server (WAS) v7.0.x anterior a v7.0.0.1 no reconoce adecuadamente la propiedad de vínculo IDAssertion.isUsed, lo que permite a usuarios locales descubrir una contraseña leyendo un mensaje SOAP. • http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK73573 https://exchange.xforce.ibmcloud.com/vulnerabilities/48700 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-4283
https://notcve.org/view.php?id=CVE-2008-4283
CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en el componente WebContainer en IBM WebSphere Application Server (WAS) v5.1.1.19 y versiones anteriores a v5.1.x, permite a atacantes remotos inyectar cabeceras HTTP de su elección y llevar a cabo ataques de separación de respuestas HTTP de su elección. • http://www-1.ibm.com/support/docview.wss?uid=isg1SE35864 http://www-1.ibm.com/support/docview.wss?uid=swg1PK69929 http://www.securityfocus.com/bid/33700 https://exchange.xforce.ibmcloud.com/vulnerabilities/47199 • CWE-20: Improper Input Validation •
CVE-2008-5412
https://notcve.org/view.php?id=CVE-2008-5412
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438. Una vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) versiones 7 y anteriores a 7.0.0.1 en Windows, presenta un impacto y vectores de ataque desconocidos relacionados con JSP. • http://secunia.com/advisories/33022 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK75248 http://www.securityfocus.com/bid/32679 http://www.vupen.com/english/advisories/2008/3370 https://exchange.xforce.ibmcloud.com/vulnerabilities/47134 •
CVE-2008-5413
https://notcve.org/view.php?id=CVE-2008-5413
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434. PerfServlet en el componente PMI/Performance Tools en IBM WebSphere Application Server (WAS) versiones 7 anteriores a 7.0.0.1, permite a los atacantes obtener información confidencial mediante la lectura de los archivos (1) systemout.log y (2) ffdc. NOTA: esto es probablemente un duplicado de CVE-2009-0434. • http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK63886 http://www.securityfocus.com/bid/32679 http://www.vupen.com/english/advisories/2008/3370 http://www.vupen.com/english/advisories/2009/0423 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •