179 matches found
CVE-2010-3514
Unspecified vulnerability in the Oracle iPlanet Web Server Sun Java System Web Server component in Oracle Sun Products Suite 6.1 and 7.0 allows remote attackers to affect integrity via unknown vectors related to Web Container...
IBM WebSphere应用服务器Web容器GET请求远程拒绝服务漏洞
CVE ID: CVE-2010-0776 IBM Websphere应用服务器以Java和Servlet引擎为基础,支持多种HTTP服务,可帮助用户完成从开发、发布到维护交互式的动态网站的所有工作。 WebSphere应用服务器的Web容器在调用response.sendRedirect期间没有正确地处理分块传输编码,远程攻击者可以通过提交恶意的GET请求导致拒绝服务。 IBM Websphere Application Server 7.0 IBM Websphere Application Server 6.1 IBM Websphere Application Server 6....
IBM WebSphere应用服务器Web容器远程信息泄露漏洞
CVE ID: CVE-2010-0777 IBM Websphere应用服务器以Java和Servlet引擎为基础,支持多种HTTP服务,可帮助用户完成从开发、发布到维护交互式的动态网站的所有工作。 WebSphere应用服务器的Web容器在处理长度大于20个字符的超长文件名时可能会在响应中发送错误的文件,远程攻击者可以通过读取检索到的文件获取敏感信息。 IBM Websphere Application Server 7.0 IBM Websphere Application Server 6.1 IBM Websphere Application Server 6.0 厂商补丁:...
Design/Logic Flaw
The Web Container in IBM WebSphere Application Server WAS 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading...
CVE-2010-0777
The Web Container in IBM WebSphere Application Server WAS 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading...
IBM WebSphere Application Server 6.1 < 6.1.0.31 Multiple Vulnerabilities
IBM WebSphere Application Server 6.1 before Fix Pack 31 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - It is possible for Administrator role members to modify primary administrative id via the administrative console. PK88606 - An...
IBM WebSphere Application Server 6.1 < 6.1.0.7 Multiple Vulnerabilities
IBM WebSphere Application Server 6.1 before Fix Pack 7 appears to be running on the remote host. As such, it is reportedly affected by the following vulnerabilities : - An unspecified denial of service vulnerability in the Java Message Service JMS. - An unspecified vulnerability in the Servlet...
CVE-2009-2088
The Servlet Engine/Web Container component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on SSO and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL,"...
Code injection
The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server WAS 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in 1 web-inf, 2 meta-inf, and unspecified other...
CVE-2008-4285
Unspecified vulnerability in the Performance Monitoring Infrastructure PMI feature in the Servlet Engine/Web Container component in IBM WebSphere Application Server WAS 6.1.x before 6.1.0.19, when a component statistic is enabled, allows attackers to cause a denial of service daemon crash via...
CVE-2008-4285
CVE-2008-4285 affects IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, specifically the Servlet Engine/Web Container PMI feature. When a component statistic is enabled, it allows a denial of service (daemon crash) via vectors described as a gradual degradation in performance. No expl...
Design/Logic Flaw
Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-5944
Cross-site scripting XSS vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server WAS 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are...
CVE-2007-5944
Technical details about CVE-2007-5944 are not publicly available in the provided connected documents; no affected products, versions, vectors, or fixes are specified here. Monitor for updates.
Code injection
Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server WAS before 6.1.0.7 has unknown impact and attack vectors...
CVE-2006-6637
The Servlet Engine and Web Container in IBM WebSphere Application Server WAS before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."...
CVE-2006-6637
The CVE-2006-6637 entry applies to IBM WebSphere Application Server (WAS) 6.0.x prior to 6.0.2.17, where enabling fileServingEnabled via ibm-web-ext.xmi and enabling servlet caching allows remote attackers to obtain JSP source code and other sensitive information through specific requests. Connec...
CVE-2005-4834
IBM WebSphere Application Server WAS 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container...