CVE-2010-0777
https://notcve.org/view.php?id=CVE-2010-0777
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file. El Web Container en IBM WebSphere Application Server (WAS) v6.0 anteriores a v6.0.2.43, v6.1 anteriores a v6.1.0.31, y v7.0 anteriores a v7.0.0.11 no maneja de forma adecuada los nombres de ficheros largos y consecuentemente envían un fichero incorrecto en algunas respuestas, lo que permite a atacantes remotos obtener información sensible leyendo el fichero obtenido. • http://secunia.com/advisories/39838 http://www-01.ibm.com/support/docview.wss?uid=swg1PM06111 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www.securityfocus.com/bid/40277 http://www.vupen.com/english/advisories/2010/1200 https://exchange.xforce.ibmcloud.com/vulnerabilities/58557 • CWE-20: Improper Input Validation •
CVE-2010-0775
https://notcve.org/view.php?id=CVE-2010-0775
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components. Vulnerabilidad no específica en IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del demonio) a través de una petición manipulada, relativo a los componentes nodeagent y Deployment Manager. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM05663 https://exchange.xforce.ibmcloud.com/vulnerabilities/58555 • CWE-399: Resource Management Errors •
CVE-2010-0776
https://notcve.org/view.php?id=CVE-2010-0776
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request. El Web Container en IBM WebSphere Application Server (WAS) v6.0 anteriores a v6.0.2.43, v6.1 anteriores a v6.1.0.31, y v7.0 anteriores a v7.0.0.11 no maneja de forma adecuada la codificación de transferencias fragmentadas durante una llamada a response.sendRedirect, lo que permite a atacantes remotos provocar una denegación de servicio a través de una petición GET. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM08760 https://exchange.xforce.ibmcloud.com/vulnerabilities/58556 • CWE-20: Improper Input Validation •
CVE-2010-1650
https://notcve.org/view.php?id=CVE-2010-1650
IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output. IBM WebSphere Application Server (WAS) v6.0.x antes de v6.0.2.41, v6.1.x antes de v6.1.0.31 y v7.0.x antes de v7.0.0.11, cuando la opción -trace (esto es, el modo de depuración) está habilitada, imprime cadenas de debug de objetos no especificados, lo que permite a los atacantes obtener información sensible mediante la lectura de las trazas de salida. • http://secunia.com/advisories/39628 http://www-01.ibm.com/support/docview.wss?uid=swg1PM06839 http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247 http://www.vupen.com/english/advisories/2010/0994 https://exchange.xforce.ibmcloud.com/vulnerabilities/58323 • CWE-310: Cryptographic Issues •
CVE-2010-0770
https://notcve.org/view.php?id=CVE-2010-0770
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake. IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 permite a atacantes remotos autenticados provocar una denegación de servicio (cuelgue del ORB ListenerThread) al abortar una negociación SSL. • http://secunia.com/advisories/39140 http://www-01.ibm.com/support/docview.wss?uid=swg1PK93653 http://www.securityfocus.com/bid/39056 https://exchange.xforce.ibmcloud.com/vulnerabilities/57182 • CWE-399: Resource Management Errors •