142 matches found
CVE-2009-2748
IBM WebSphere Application Server Admin Console is affected by CVE-2009-2748: a cross-site scripting (XSS) vulnerability in the Administration Console for WAS 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Acc...
CVE-2011-3559
Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container...
Design/Logic Flaw
Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container...
CVE-2011-3559
Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container...
CVE-2011-3559
CVE-2011-3559 : Open vulnerability affecting Oracle GlassFish Server/Web Container components. Multiple Nessus/OpenVAS entries describe an unspecified DoS vulnerability in GlassFish/Web Container that could affect availability, with affected versions including GlassFish 2.1.1 (up to 2.1.1.14), 3....
CVE-2011-1355
Open redirect vulnerability in IBM WebSphere Application Server WAS 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter...
CVE-2010-3271
CVE-2010-3271 : IBM WebSphere Application Server (ISC admin console) is vulnerable to multiple CSRF flaws in 7.0.0.13 and earlier. The issues arise where POST requests to adminSecurityDetail.do (Edit) and then to syncworkspace.do (Save) can be forged to hijack an administrator’s session and disab...
Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GlassFish Application Server and Oracle Java Application Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Web Administration component which...
CVE-2011-1309
Summary: CVE-2011-1309 affects IBM WebSphere Application Server (WAS) 7.x prior to 7.0.0.15, where the Plug-in component does not properly handle trace requests. The impact is described as unspecified in the sources; no explicit exploitation details are provided. The issue is linked to multiple v...
CVE-2008-7274
CVE-2008-7274 affects IBM WebSphere Application Server 6.1.0.9 when JAAS Login is enabled, allowing an internal hashtable login if a password is omitted or left empty. Impact per sources: authentication bypass with I (partial) integrity impact, network vector, no confidentiality/a‑vailable impact...
CVE-2011-0315
IBM WebSphere Application Server (WAS) is affected by a cross-site scripting (XSS) vulnerability in the Servlet Engine/Web Container component. The issue affects WAS 6.1 prior to 6.1.0.35 and WAS 7.0 prior to 7.0.0.15, enabling remote attackers to inject arbitrary web script or HTML through vecto...
CVE-2010-0784
IBM WebSphere Application Server 7.x is affected by a cross-site scripting (XSS) vulnerability in the Administrative Console prior to 7.0.0.13. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. OpenVAS entries corroborate multiple vulnerabilities fo...
CVE-2010-0783
CVE-2010-0783 is an XSS vulnerability in the Administrative Console of IBM WebSphere Application Server (WAS). The affected products are IBM WebSphere Application Server 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13. The vulnerability allows remote attackers to inject arbitrary web script or HTML v...
CVE-2010-0777
CVE-2010-0777 affects IBM WebSphere Application Server Web Container. The issue arises from improper handling of long filenames, which can cause responses to include an incorrect file and disclose sensitive information. Affected products/versions: WAS 6.0 prior to 6.0.2.43, WAS 6.1 prior to 6.1.0...
CVE-2009-3106
CVE-2009-3106 affects IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37. The Servlet Engine/Web Container fails to properly enforce security constraints on the doGet and doTrace methods, allowing remote attackers to bypass access restrictions and potentially obtain sensitive informatio...
CVE-2009-0891
CVE-2009-0891 affects IBM WebSphere Application Server’s Web Services Security (WS-Security) bindings. The vulnerability arises because the WS-Security component in WAS versions 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23), and 6.0.2 before Fix Pack 33 (6.0.2.33) does not pr...
CVE-2009-0434
PerfServlet in IBM WebSphere Application Server (WAS) PMI/Performance Tools is affected: when PMI is enabled, a local attacker can read systemout.log and ffdc files to obtain sensitive information. Affected versions include WAS 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0....
CVE-2008-4017
Technical details for CVE-2008-4017 are not provided in the connected documents. The OC4J vulnerability in Oracle Application Server 10.1.2.3 is described as unspecified; monitor for updates from Oracle/NVD and other security advisories.
CVE-2008-5413
CVE-2008-5413 affects IBM WebSphere Application Server (WAS): PerfServlet in the PMI/Performance Tools component allows a local attacker to read sensitive information from logs (systemout.log) and ffdc files. Affected line in the public description specifies WAS 7 before 7.0.0.1 (and related note...
CVE-2008-4679
CVE-2008-4679 affects IBM WebSphere Application Server: Web Services Security in WAS 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19. When Certificate Store Collections uses CRLs, the code path does not call setRevocationEnabled on PKIXBuilderParameters, preventing revocation checks for X.509 certi...