CVE-2014-0949
https://notcve.org/view.php?id=CVE-2014-0949
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a atacantes remotos causar una denegación de servicio (consumo de recursos y caída de demonio) a través de una solicitud web manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI15692 http://www-01.ibm.com/support/docview.wss?uid=swg21672572 https://exchange.xforce.ibmcloud.com/vulnerabilities/92622 • CWE-399: Resource Management Errors •
CVE-2014-0959
https://notcve.org/view.php?id=CVE-2014-0959
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a usuarios remotos autenticados causar una denegación de servicio (bucle infinito) a través de una redirección de inicio de sesión. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI16462 http://www-01.ibm.com/support/docview.wss?uid=swg21672572 https://exchange.xforce.ibmcloud.com/vulnerabilities/92741 • CWE-20: Improper Input Validation •
CVE-2014-0964
https://notcve.org/view.php?id=CVE-2014-0964
IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. IBM WebSphere Application Server (WAS) 6.1.0.0 hasta 6.1.0.47 y 6.0.2.0 hasta 6.0.2.43 permite a atacantes remotos causar una denegación de servicio a través de trafico TLS manipulado, tal y como fue demostrado por trafico de una herramienta de asesoramiento de vulnerabilidad de CVE-2014-0160. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI14306 http://www-01.ibm.com/support/docview.wss?uid=swg1PI16981 http://www-01.ibm.com/support/docview.wss?uid=swg1PI17128 http://www-01.ibm.com/support/docview.wss?uid=swg21671835 http://www-304.ibm.com/support/docview.wss? • CWE-399: Resource Management Errors •
CVE-2014-0917 – IBM Eclipse Help System (IEHS) Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-0917
Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Eclipse Help System (IEHS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF27 y 8.0 anterior a 8.0.0.1 CF06 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. IBM Eclipse Help System (IEHS) versions 6.1.0 through 6.1.0.6, 6.1.5 through 6.1.5.3, 7.0 through 7.0.0.2, and 8.0 prior to 8.0.0.1 suffer from a cross site scripting vulnerability. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125 http://www-01.ibm.com/support/docview.wss?uid=swg21670753 http://www.securityfocus.com/bid/67339 https://exchange.xforce.ibmcloud.com/vulnerabilities/91979 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-0918
https://notcve.org/view.php?id=CVE-2014-0918
Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL. Vulnerabilidad de salto de directorio en IBM Eclipse Help System (IEHS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF27 y 8.0 anterior a 8.0.0.1 CF06 permite a atacantes remotos leer archivos arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125 http://www-01.ibm.com/support/docview.wss?uid=swg21670753 http://www.securityfocus.com/bid/67340 https://exchange.xforce.ibmcloud.com/vulnerabilities/91980 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •