5044 matches found
CVE-2010-4220
IBM WebSphere Application Server 7.x is vulnerable to a cross-site scripting (XSS) issue in the Integrated Solution Console and Administrative Console. The vulnerability, CVE-2010-4220, arises from improper input filtering (related to URL injection) and affects WAS 7.0 before 7.0.0.13. Remote att...
CVE-2010-0783
Cross-site scripting XSS vulnerability in the Administrative Console in IBM WebSphere Application Server WAS 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
IBM WebSphere Application Server WS-Security Policy Unspecified vulnerability
The host is running IBM WebSphere Application Server and is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: secpodibmwastimestampunspecifiedvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ IBM WebSphere Application Server WS-Security Policy Unspecified vulnerability Authors: Antu...
Code injection
Unspecified vulnerability in the administrative console in IBM WebSphere Application Server WAS 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service CPU consumption via a crafted URL...
CVE-2010-0779
CVE-2010-0779 is an XSS vulnerability in IBM WebSphere Application Server (WAS) with affected versions: 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11. The issue is described as a cross-site scripting flaw in the Administration Console that allows remote attackers to inject arb...
CVE-2010-2327
modibmssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server WAS on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service daemon...
Design/Logic Flaw
modibmssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server WAS on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service daemon...
Design/Logic Flaw
The HTTP Channel in IBM WebSphere Application Server WAS 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service NullPointerException via a large amount of chunked data that uses gzip compression...
CVE-2010-2326
CVE-2010-2326 affects IBM WebSphere Application Server 7.0 prior to 7.0.0.11. When addNode -trace is used during node federation, an attacker can read addNode.log to obtain sensitive information about CIMMetadataCollectorImpl trace actions. Root cause is information disclosure via debugging/loggi...
CVE-2010-2324
IBM WebSphere Application Server WAS 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors...
CVE-2010-2326
IBM WebSphere Application Server WAS 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file...
CVE-2010-2327
modibmssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server WAS on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service daemon...
CVE-2010-2328
The HTTP Channel in IBM WebSphere Application Server WAS 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service NullPointerException via a large amount of chunked data that uses gzip compression...
IBM WebSphere Application Server 'addNode.log' Information Disclosure Vulnerability
IBM WebSphere Application Server WAS is prone to an information- disclosure vulnerability. A local authenticated attacker can exploit this issue to gain access to sensitive information; this may aid in further attacks. Versions prior to WAS 7.0.0.11 are vulnerable. OpenVAS Vulnerability Test $Id:...
Cross site scripting
Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements via vectors that...
Cross site scripting
Oracle Mojarra 1.214 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements v...
CVE-2010-2087
CVE-2010-2087: Oracle Mojarra 1.2_14 and 2.0.2 (as used in IBM WebSphere Application Server, Caucho Resin, and other apps) fails to properly protect an unencrypted view state. This enables remote attackers to perform cross-site scripting (XSS) or execute arbitrary Expression Language (EL) stateme...
CVE-2010-2086
Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements via vectors that...
IBM WebSphere Application Server Long Filename Information Disclosure Vulnerability
IBM WebSphere Application Server WAS is prone to an information- disclosure vulnerability. Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks. This issue affects WAS 6.0, 6.1, and 7.0. OpenVAS Vulnerability Test $Id: gbibmwebsphere40277.nas...
CVE-2010-0774
The 1 JAX-RPC WS-Security 1.0 and 2 JAX-WS runtime implementations in IBM WebSphere Application Server WAS 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS7 and PKIPath tokens, which allows remote attackers to bypass intended access...