Lucene search
K

142 matches found

CVE
CVE
added 2011/10/30 10:0 a.m.61 views

CVE-2009-2748

IBM WebSphere Application Server Admin Console is affected by CVE-2009-2748: a cross-site scripting (XSS) vulnerability in the Administration Console for WAS 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Acc...

4.3CVSS5.6AI score0.01656EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2011/10/18 10:55 p.m.23 views

CVE-2011-3559

Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container...

7.8CVSS5.8AI score0.0314EPSS
Exploits0References7
Prion
Prion
added 2011/10/18 10:55 p.m.23 views

Design/Logic Flaw

Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container...

7.8CVSS6.3AI score0.0314EPSS
Exploits0References7Affected Software3
Cvelist
Cvelist
added 2011/10/18 10:0 p.m.36 views

CVE-2011-3559

Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container...

5.8AI score0.0314EPSS
Exploits0References7
CVE
CVE
added 2011/10/18 10:0 p.m.81 views

CVE-2011-3559

CVE-2011-3559 : Open vulnerability affecting Oracle GlassFish Server/Web Container components. Multiple Nessus/OpenVAS entries describe an unspecified DoS vulnerability in GlassFish/Web Container that could affect availability, with affected versions including GlassFish 2.1.1 (up to 2.1.1.14), 3....

7.8CVSS5.8AI score0.0314EPSS
Exploits0References7Affected Software3
NVD
NVD
added 2011/07/19 8:55 p.m.17 views

CVE-2011-1355

Open redirect vulnerability in IBM WebSphere Application Server WAS 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter...

5.8CVSS6.4AI score0.01867EPSS
Exploits1References3
CVE
CVE
added 2011/07/18 10:0 p.m.57 views

CVE-2010-3271

CVE-2010-3271 : IBM WebSphere Application Server (ISC admin console) is vulnerable to multiple CSRF flaws in 7.0.0.13 and earlier. The issues arise where POST requests to adminSecurityDetail.do (Edit) and then to syncworkspace.do (Save) can be forged to hijack an administrator’s session and disab...

6.8CVSS7AI score0.02096EPSS
Exploits6References5Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2011/04/19 12:0 a.m.33 views

Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GlassFish Application Server and Oracle Java Application Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Web Administration component which...

10CVSS2.8AI score0.60878EPSS
Exploits6References1
CVE
CVE
added 2011/03/08 9:0 p.m.53 views

CVE-2011-1309

Summary: CVE-2011-1309 affects IBM WebSphere Application Server (WAS) 7.x prior to 7.0.0.15, where the Plug-in component does not properly handle trace requests. The impact is described as unspecified in the sources; no explicit exploitation details are provided. The issue is linked to multiple v...

7.5CVSS6.5AI score0.01187EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2011/02/14 11:0 p.m.69 views

CVE-2008-7274

CVE-2008-7274 affects IBM WebSphere Application Server 6.1.0.9 when JAAS Login is enabled, allowing an internal hashtable login if a password is omitted or left empty. Impact per sources: authentication bypass with I (partial) integrity impact, network vector, no confidentiality/a‑vailable impact...

4.3CVSS6.6AI score0.00971EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2011/01/12 12:0 a.m.60 views

CVE-2011-0315

IBM WebSphere Application Server (WAS) is affected by a cross-site scripting (XSS) vulnerability in the Servlet Engine/Web Container component. The issue affects WAS 6.1 prior to 6.1.0.35 and WAS 7.0 prior to 7.0.0.15, enabling remote attackers to inject arbitrary web script or HTML through vecto...

4.3CVSS5.6AI score0.0192EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2010/11/09 8:0 p.m.59 views

CVE-2010-0784

IBM WebSphere Application Server 7.x is affected by a cross-site scripting (XSS) vulnerability in the Administrative Console prior to 7.0.0.13. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. OpenVAS entries corroborate multiple vulnerabilities fo...

4.3CVSS5.6AI score0.01292EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2010/11/09 8:0 p.m.64 views

CVE-2010-0783

CVE-2010-0783 is an XSS vulnerability in the Administrative Console of IBM WebSphere Application Server (WAS). The affected products are IBM WebSphere Application Server 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13. The vulnerability allows remote attackers to inject arbitrary web script or HTML v...

4.3CVSS5.6AI score0.01965EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2010/05/17 10:0 p.m.64 views

CVE-2010-0777

CVE-2010-0777 affects IBM WebSphere Application Server Web Container. The issue arises from improper handling of long filenames, which can cause responses to include an incorrect file and disclose sensitive information. Affected products/versions: WAS 6.0 prior to 6.0.2.43, WAS 6.1 prior to 6.1.0...

2.6CVSS5.9AI score0.01881EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2009/09/08 10:0 p.m.56 views

CVE-2009-3106

CVE-2009-3106 affects IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37. The Servlet Engine/Web Container fails to properly enforce security constraints on the doGet and doTrace methods, allowing remote attackers to bypass access restrictions and potentially obtain sensitive informatio...

5CVSS6.2AI score0.02775EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2009/03/25 1:0 a.m.56 views

CVE-2009-0891

CVE-2009-0891 affects IBM WebSphere Application Server’s Web Services Security (WS-Security) bindings. The vulnerability arises because the WS-Security component in WAS versions 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23), and 6.0.2 before Fix Pack 33 (6.0.2.33) does not pr...

5.5CVSS6AI score0.01764EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2009/02/10 10:13 p.m.51 views

CVE-2009-0434

PerfServlet in IBM WebSphere Application Server (WAS) PMI/Performance Tools is affected: when PMI is enabled, a local attacker can read systemout.log and ffdc files to obtain sensitive information. Affected versions include WAS 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0....

1.9CVSS5.5AI score0.00321EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2009/01/14 2:0 a.m.48 views

CVE-2008-4017

Technical details for CVE-2008-4017 are not provided in the connected documents. The OC4J vulnerability in Oracle Application Server 10.1.2.3 is described as unspecified; monitor for updates from Oracle/NVD and other security advisories.

5CVSS8.3AI score0.01307EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2008/12/10 12:0 a.m.52 views

CVE-2008-5413

CVE-2008-5413 affects IBM WebSphere Application Server (WAS): PerfServlet in the PMI/Performance Tools component allows a local attacker to read sensitive information from logs (systemout.log) and ffdc files. Affected line in the public description specifies WAS 7 before 7.0.0.1 (and related note...

5CVSS5.7AI score0.0145EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2008/10/22 5:0 p.m.54 views

CVE-2008-4679

CVE-2008-4679 affects IBM WebSphere Application Server: Web Services Security in WAS 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19. When Certificate Store Collections uses CRLs, the code path does not call setRevocationEnabled on PKIXBuilderParameters, preventing revocation checks for X.509 certi...

6.8CVSS6.4AI score0.01559EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder