CVSS: 4.3EPSS: 1%CPEs: 55EXPL: 0CVE-2010-2327
https://notcve.org/view.php?id=CVE-2010-2327
mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload. mod_ibm_ssl en IBM HTTP Server v6.0 anteriores a v6.0.2.43, v6.1 anteriores a v6.1.0.33, y v7.0 anteriores a v7.0.0.11, como las utilizadas en IBM WebSphere Application Server (WAS) en z/OS, no gestionan de forma adecuada los body largos en las peticiones HTTP en las subidas sobre SSL, lo que podría permitir a atacantes remotos provocar una denegación de servicio (fallo del demonio) a través de una subida. • http://secunia.com/advisories/40096 http://www-01.ibm.com/support/docview.wss?uid=swg1PM10270 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830 http://www.osvdb.org/65439 http://www.vupen.com/english/advisories/2010/1411 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2324
https://notcve.org/view.php?id=CVE-2010-2324
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. IBM WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS permite a atacantes remotos efectuar acciones no especificadas de inyección de enlaces a través de vectores desconocidos. • http://secunia.com/advisories/40096 http://www-01.ibm.com/support/docview.wss?uid=swg1PM09250 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829 http://www.vupen.com/english/advisories/2010/1411 •
CVSS: 5.0EPSS: 0%CPEs: 76EXPL: 0CVE-2010-0776
https://notcve.org/view.php?id=CVE-2010-0776
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request. El Web Container en IBM WebSphere Application Server (WAS) v6.0 anteriores a v6.0.2.43, v6.1 anteriores a v6.1.0.31, y v7.0 anteriores a v7.0.0.11 no maneja de forma adecuada la codificación de transferencias fragmentadas durante una llamada a response.sendRedirect, lo que permite a atacantes remotos provocar una denegación de servicio a través de una petición GET. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM08760 https://exchange.xforce.ibmcloud.com/vulnerabilities/58556 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 76EXPL: 0CVE-2010-0775
https://notcve.org/view.php?id=CVE-2010-0775
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components. Vulnerabilidad no específica en IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del demonio) a través de una petición manipulada, relativo a los componentes nodeagent y Deployment Manager. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM05663 https://exchange.xforce.ibmcloud.com/vulnerabilities/58555 • CWE-399: Resource Management Errors •
CVSS: 2.6EPSS: 0%CPEs: 76EXPL: 0CVE-2010-0777
https://notcve.org/view.php?id=CVE-2010-0777
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file. El Web Container en IBM WebSphere Application Server (WAS) v6.0 anteriores a v6.0.2.43, v6.1 anteriores a v6.1.0.31, y v7.0 anteriores a v7.0.0.11 no maneja de forma adecuada los nombres de ficheros largos y consecuentemente envían un fichero incorrecto en algunas respuestas, lo que permite a atacantes remotos obtener información sensible leyendo el fichero obtenido. • http://secunia.com/advisories/39838 http://www-01.ibm.com/support/docview.wss?uid=swg1PM06111 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www.securityfocus.com/bid/40277 http://www.vupen.com/english/advisories/2010/1200 https://exchange.xforce.ibmcloud.com/vulnerabilities/58557 • CWE-20: Improper Input Validation •