CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2325
https://notcve.org/view.php?id=CVE-2010-2325
Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados - XSS - en la consola de administración de WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS, permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través de vectores no especificados, relativos en parte a "inyección URL". • http://secunia.com/advisories/40096 http://www-01.ibm.com/support/docview.wss?uid=swg1PM11778 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830 http://www.vupen.com/english/advisories/2010/1411 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 76EXPL: 0CVE-2010-0774
https://notcve.org/view.php?id=CVE-2010-0774
The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors. La implementaciones (1) JAX-RPC WS-Security v1.0 y (2) JAX-WS en IBM WebSphere Application Server (WAS) v6.0 anteriores a v6.0.2.41, v6.1 anteriores a v6.1.0.31, y v7.0 anteriores a v7.0.0.11 no manejan de forma adecuada los elementos WebServices PKCS#7 and PKIPath, lo que permite a usuarios remotos saltarse las restricciones de acceso a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PK96427 https://exchange.xforce.ibmcloud.com/vulnerabilities/58554 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.6EPSS: 0%CPEs: 76EXPL: 0CVE-2010-0777
https://notcve.org/view.php?id=CVE-2010-0777
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file. El Web Container en IBM WebSphere Application Server (WAS) v6.0 anteriores a v6.0.2.43, v6.1 anteriores a v6.1.0.31, y v7.0 anteriores a v7.0.0.11 no maneja de forma adecuada los nombres de ficheros largos y consecuentemente envían un fichero incorrecto en algunas respuestas, lo que permite a atacantes remotos obtener información sensible leyendo el fichero obtenido. • http://secunia.com/advisories/39838 http://www-01.ibm.com/support/docview.wss?uid=swg1PM06111 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www.securityfocus.com/bid/40277 http://www.vupen.com/english/advisories/2010/1200 https://exchange.xforce.ibmcloud.com/vulnerabilities/58557 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 76EXPL: 0CVE-2010-0775
https://notcve.org/view.php?id=CVE-2010-0775
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components. Vulnerabilidad no específica en IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del demonio) a través de una petición manipulada, relativo a los componentes nodeagent y Deployment Manager. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM05663 https://exchange.xforce.ibmcloud.com/vulnerabilities/58555 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 76EXPL: 0CVE-2010-0776
https://notcve.org/view.php?id=CVE-2010-0776
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request. El Web Container en IBM WebSphere Application Server (WAS) v6.0 anteriores a v6.0.2.43, v6.1 anteriores a v6.1.0.31, y v7.0 anteriores a v7.0.0.11 no maneja de forma adecuada la codificación de transferencias fragmentadas durante una llamada a response.sendRedirect, lo que permite a atacantes remotos provocar una denegación de servicio a través de una petición GET. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM08760 https://exchange.xforce.ibmcloud.com/vulnerabilities/58556 • CWE-20: Improper Input Validation •