RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:1380)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1380 advisory. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java R...

Critical: Red Hat Security Advisory: java-1.6.0-openjdk security update

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Important: Red Hat Security Advisory: jbossws-common security update

An updated jbossws-common package that fixes one security issue is now available for JBoss Enterprise Application Platform 4.3 for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System...

Important: Red Hat Security Advisory: jbossws-common security update

An updated jbossws-common package that fixes one security issue is now available for JBoss Enterprise Web Platform 5.1.1 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CV...

Important: Red Hat Security Advisory: jbossws-common security update

An updated jbossws-common package that fixes one security issue is now available for JBoss Enterprise Application Platform 5.1.1 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring...

IBM WebSphere Application Server 6.1 < 6.1.0.39 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 before Fix Pack 39 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - Use of an insecure XML encryption algorithm could allow for decryption of JAX-RPC or JAX-WS Web Services requests. PM34841 - A...

IBM WebSphere Application Server 7.0 < Fix Pack 17 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 before Fix Pack 17 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - Use of an insecure XML encryption algorithm could allow for decryption of JAX-RPC or JAX-WS Web Services requests. PM34841 - A...

IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability

The host is running IBM WebSphere Application Server and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbibmwasxmlencryptioninfodisclosurevuln.nasl 7006 2017-08-25 11:51:20Z teissa $ IBM WebSphere Application Server WS-Security XML Encryption Weakness...

IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability (May 2011)

IBM WebSphere Application Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2011-1209

IBM WebSphere Application Server WAS 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a 1 JAX-RPC or 2 JAX-WS Web Services request via unspecified vectors related to a "decryption...

Design/Logic Flaw

IBM WebSphere Application Server WAS 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a 1 JAX-RPC or 2 JAX-WS Web Services request via unspecified vectors related to a "decryption...

CVE-2011-1209

CVE-2011-1209 affects IBM WebSphere Application Server: WAS 6.1 before 6.1.0.39 and WAS 7.0 before 7.0.0.17 use a weak WS-Security XML encryption algorithm, enabling a remote decryption attack to obtain plaintext data from JAX-RPC/JAX-WS requests. Exploitation details/vectors are not specified in...

IBM WebSphere Application Server 7.0 < Fix Pack 13 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 before Fix Pack 13 appears to be running on the remote host. As such, it is reportedly affected by the following vulnerabilities : - A cross-site scripting vulnerability exists in the administrative console due to improper filtering on input values. PM14251 - ...

Design/Logic Flaw

The Web Services Security component in IBM WebSphere Application Server WAS 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services aka JAX-WS, which allows remote attackers to cause a denial of service data corruption via a crafted JAX-WS request that leads to incorrect...

CVE-2010-0786

The Web Services Security component in IBM WebSphere Application Server WAS 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services aka JAX-WS, which allows remote attackers to cause a denial of service data corruption via a crafted JAX-WS request that leads to incorrect...

CVE-2010-0786

IBM WebSphere Application Server 7.x is affected by CVE-2010-0786 in the Web Services Security/JAX-WS handling. WAS 7.0 before 7.0.0.13 allows remote attackers to trigger a denial of service via a crafted JAX-WS request that leads to data corruption due to improper JAX-WS implementation. Affected...

IBM WebSphere Application Server WS-Security Policy Unspecified vulnerability

The host is running IBM WebSphere Application Server and is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: secpodibmwastimestampunspecifiedvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ IBM WebSphere Application Server WS-Security Policy Unspecified vulnerability Authors: Antu...

IBM WebSphere Application Server 7.x < 7.0.0.13 WS-Security Policy Vulnerability

IBM WebSphere Application Server is prone to a vulnerability when using WS-Security enabled JAX-WS web service application. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Code injection

IBM WebSphere Application Server WAS 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and...

CVE-2010-3186

IBM WebSphere Application Server WAS 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and...