CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-4720
https://notcve.org/view.php?id=CVE-2019-4720
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a una denegación de servicio, causada mediante el envío de una petición especialmente diseñada. Un atacante remoto podría explotar esta vulnerabilidad para causar que el servidor consuma toda la memoria disponible. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172125 https://www.ibm.com/support/pages/node/1285372 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4305
https://notcve.org/view.php?id=CVE-2019-4305
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951. IBM WebSphere Application Server Liberty, podría permitir a un atacante remoto obtener información confidencial causada por la configuración inapropiada de una cookie. ID de IBM X-Force: 160951. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160951 https://www.ibm.com/support/pages/node/960171 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4304
https://notcve.org/view.php?id=CVE-2019-4304
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950. IBM WebSphere Application Server - Liberty, podría permitir a un atacante remoto omitir las restricciones de seguridad causadas por una comprobación de sesión inapropiada. ID de IBM X-Force: 160950. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160950 https://www.ibm.com/support/pages/node/960171 • CWE-384: Session Fixation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-4046
https://notcve.org/view.php?id=CVE-2019-4046
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 es vulnerable a denegaciones de servicio causadas por una gestión inadecuada de las cabeceras de peticiones. Un atacante remoto podría explotar esta vulnerabilidad para provocar un consumo de memoria. • http://www.securityfocus.com/bid/107623 https://exchange.xforce.ibmcloud.com/vulnerabilities/156242 https://www.ibm.com/support/docview.wss?uid=ibm10869570 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1902
https://notcve.org/view.php?id=CVE-2018-1902
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531. IBM WebSphere Application Server, en versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante remoto suplantar la información de conexión, la cual podría emplearse para lanzar otros ataques contra el sistema. IBM X-Force ID: 152531. • http://www.securityfocus.com/bid/107383 https://exchange.xforce.ibmcloud.com/vulnerabilities/152531 https://www.ibm.com/support/docview.wss?uid=ibm10795115 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •