CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2006-2435
https://notcve.org/view.php?id=CVE-2006-2435
17 May 2006 — Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls [that] may allow unintended execution of scripts." • http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html •
CVSS: 6.1EPSS: 1%CPEs: 20EXPL: 1CVE-2006-2431 – IBM Websphere 6.0 - 'Faultactor' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-2431
17 May 2006 — Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous. • https://www.exploit-db.com/exploits/28981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2006-1093
https://notcve.org/view.php?id=CVE-2006-1093
09 Mar 2006 — Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed. • http://securitytracker.com/id?1015716 •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2005-4834
https://notcve.org/view.php?id=CVE-2005-4834
31 Dec 2005 — IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container. • http://secunia.com/advisories/24478 •
CVSS: 7.5EPSS: 33%CPEs: 3EXPL: 0CVE-2005-3498
https://notcve.org/view.php?id=CVE-2005-3498
04 Nov 2005 — IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information. • http://securitytracker.com/id?1015134 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 12%CPEs: 20EXPL: 1CVE-2005-1112 – IBM Websphere 5.0/5.1/6.0 - Application Server Web Server Root JSP Source Code Disclosure
https://notcve.org/view.php?id=CVE-2005-1112
16 Apr 2005 — IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine. • https://www.exploit-db.com/exploits/25420 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2005-0425
https://notcve.org/view.php?id=CVE-2005-0425
15 Feb 2005 — Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine. Vulnerabilidad desconocida en IBM Websphere Application Server 5.0, 5.1, y 6.0 cuando es ejecutado en Windows, permite a atacantes remotos obtener el código fuente de Java Server Pages (.jsp) mediante una URL alterada que ... • http://secunia.com/advisories/14274 •