5044 matches found
IBM WebSphere Application Server本地信息泄漏漏洞
Bugraq ID: 36458 CVE ID:CVE-2009-2743 IBM WebSphere Application Server是一款商业性质的WEB应用服务程序。 IBM WebSphere Application Server允许本地攻击者获得敏感信息。 在使用wsadmin脚本和配置了JAAS-J2C验证数据后,当部分异常发生时存在一个错误,通过查看FFDC日志文件,攻击者可以获得敏感信息。 IBM Websphere Application Server 6.1 25 IBM Websphere Application Server 6.1 23 IBM...
CVE-2009-0906
The Service Component Architecture SCA feature pack for IBM WebSphere Application Server WAS SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server WAS 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions JMX Management Beans aka MBeans access restrictions, and cause a denial of service...
CVE-2009-2087
The Web Services functionality in IBM WebSphere Application Server WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial ...
CVE-2009-2087
The Web Services functionality in IBM WebSphere Application Server WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial ...
CVE-2009-2089
CVE-2009-2089 affects IBM WebSphere Application Server: the Migration component in WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 can reveal sensitive information by readers of a Migration Trace file when tracing during a 6.1→7.0 migration. The issue enables remote authenticated users to obtain p...
CVE-2009-0904
The CVE-2009-0904 issue affects IBM WebSphere Application Server 6.1 before 6.1.0.25, specifically the Stax XMLStreamWriter in the Web Services component. The root cause is improper XML encoding handling, which can allow remote attackers to bypass access controls and potentially modify data via X...
Design/Logic Flaw
IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server WAS and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to...
CVE-2009-1953
IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server WAS and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to...
CVE-2009-1901
The Security component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors...
CVE-2009-1899
Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via...
Code injection
Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via...
CVE-2009-1899
Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via...
IBM WebSphere Application Server < 6.1.0.23 Multiple Vulnerabilities
Binary data 4996.prm...
[DSECRG-09-013] IBM WebSphere Application Server 7.0 Multiple XSS Vulnerabilities
Digital Security Research Group DSecRG Advisory DSECRG-09-013 !!! official advisory: !!! http://dsecrg.com/pages/vul/DSECRG-09-013.html Application: IBM WebSphere Application Server Versions Affected: 7.0 and 6.1 Vendor URL: http://www.ibm.com/websphere/ Bug: Multiple XSS Vulnerabilities Exploits...
CVE-2009-1174
The Web Services Security component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors...
CVE-2009-1174
The Web Services Security component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors...
CVE-2009-1174
IBM WebSphere Application Server shows a vulnerability in its Web Services Security XML digital-signature handling. Affected products/versions: WebSphere Application Server 6.0.2 prior to 6.0.2.35 and 7.0 prior to 7.0.0.3. Root cause: an unspecified security problem in the XML digital-signature s...
CVE-2009-1172
CVE-2009-1172 affects IBM WebSphere Application Server (WAS). The JAX-RPC WS-Security runtime in WAS 6.1 before 6.1.0.23 and WAS 7.0 before 7.0.0.3, with APAR PK41002 installed, does not properly validate UsernameToken objects. The initial description notes impact as unknown and does not provide ...
CVE-2009-0856
Multiple cross-site scripting XSS vulnerabilities in sample applications in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...