CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 0CVE-2006-7166
https://notcve.org/view.php?id=CVE-2006-7166
20 Mar 2007 — IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL." IBM WebSphere Application Server (WAS) 5.1.1.9 y anteriores permiten a atacantes remotos obtener el código fuente JSP y otra información sensible mediante ciertas "URIs especiales". • http://secunia.com/advisories/24478 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5323
https://notcve.org/view.php?id=CVE-2006-5323
17 Oct 2006 — Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360. Vulnerabilidad no especificada en IBM WebSphere Application Server anterior a 6.1.0.2 tiene impacto y vectores de ataque no especificados, relacionado con una "posible exposición de seguridad", también conocido como PK29360. • http://secunia.com/advisories/22372 •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5324
https://notcve.org/view.php?id=CVE-2006-5324
17 Oct 2006 — The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka PK28374. El componente de seguridad Web Services Notification (WSN) de IBM WebSphere Application Server anterior a 6.1.0.2 permite a atacantes obtener acceso no especificado sin suministrar nombre de usuario y contraseña, también conocido como PK28374. • http://secunia.com/advisories/22372 •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2006-4222
https://notcve.org/view.php?id=CVE-2006-4222
18 Aug 2006 — Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identified by PK25199, and "Potential security exposure" issues as identified by (2) PK22747, (3) PK24334, (4) PK25740, and (5) PK26123. Múltiples vulnerabilidades no especificadas en el servidor de aplicaciones IBM WebSphere Application Server anterior a 6.0.2.13 tienen vectores e impacto no especificados, incluyendo (... • http://secunia.com/advisories/21487 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2006-4223
https://notcve.org/view.php?id=CVE-2006-4223
18 Aug 2006 — IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137. IBM WebSphere Application Server anterior a 6.0.2.13 permi... • http://secunia.com/advisories/21487 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2006-4136
https://notcve.org/view.php?id=CVE-2006-4136
14 Aug 2006 — Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others. Múltiples vulnerabilidades no especificadas en IBM WebSphere Application Server anterior a 6.1.0.1 tienen impacto no especificado y vectores de ataque relacionados con (1) "peticiones y respuestas SOAP", (2) mbean, (2) ThreadIdentitySupport, y posiblemente otros. • http://secunia.com/advisories/21440 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 50EXPL: 0CVE-2006-3231
https://notcve.org/view.php?id=CVE-2006-3231
27 Jun 2006 — Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters." Una vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) antes de v6.0.2.11, cuando fileServingEnabled esta puesto a TRUE, permite a atacantes remotos obtener el código fuente JSP y otra información sensible a través de una "URI con caracteres especiales." • http://secunia.com/advisories/20732 •
CVSS: 10.0EPSS: 0%CPEs: 50EXPL: 0CVE-2006-3232
https://notcve.org/view.php?id=CVE-2006-3232
27 Jun 2006 — Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "UserNameToken cache was improperly used." Vulnerabilidad sin especificar en el servidor de aplicaciones IBM WebSphere en versiones anteriores a la v6.0.2.11 tiene un impacto y vectores de ataque desconocidos debido a que "la caché UserNameToken no es usada apropiadamente". • http://secunia.com/advisories/20732 •
CVSS: 10.0EPSS: 1%CPEs: 13EXPL: 0CVE-2006-2430
https://notcve.org/view.php?id=CVE-2006-2430
17 May 2006 — IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2006-2432
https://notcve.org/view.php?id=CVE-2006-2432
17 May 2006 — IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) and 5.1.1 (or any earlier cumulative fix) allows EJB access on Solaris systems via a crafted LTPA token. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html •