Lucene search
+L

5044 matches found

seebug.org
seebug.org
added 2009/09/21 12:0 a.m.31 views

IBM WebSphere Application Server本地信息泄漏漏洞

Bugraq ID: 36458 CVE ID:CVE-2009-2743 IBM WebSphere Application Server是一款商业性质的WEB应用服务程序。 IBM WebSphere Application Server允许本地攻击者获得敏感信息。 在使用wsadmin脚本和配置了JAAS-J2C验证数据后,当部分异常发生时存在一个错误,通过查看FFDC日志文件,攻击者可以获得敏感信息。 IBM Websphere Application Server 6.1 25 IBM Websphere Application Server 6.1 23 IBM...

2.1CVSS6.4AI score0.00387EPSS
Exploits1
NVD
NVD
added 2009/08/13 6:30 p.m.22 views

CVE-2009-0906

The Service Component Architecture SCA feature pack for IBM WebSphere Application Server WAS SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors...

6.5CVSS6.2AI score0.01205EPSS
Exploits0References4
Prion
Prion
added 2009/08/13 6:30 p.m.16 views

Design/Logic Flaw

Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server WAS 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions JMX Management Beans aka MBeans access restrictions, and cause a denial of service...

5CVSS7AI score0.02562EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2009/08/13 6:30 p.m.23 views

CVE-2009-2087

The Web Services functionality in IBM WebSphere Application Server WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial ...

2.1CVSS6.2AI score0.00217EPSS
Exploits0References5
Cvelist
Cvelist
added 2009/08/13 6:0 p.m.28 views

CVE-2009-2087

The Web Services functionality in IBM WebSphere Application Server WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial ...

6.2AI score0.00217EPSS
Exploits0References5
CVE
CVE
added 2009/08/13 6:0 p.m.59 views

CVE-2009-2089

CVE-2009-2089 affects IBM WebSphere Application Server: the Migration component in WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 can reveal sensitive information by readers of a Migration Trace file when tracing during a 6.1→7.0 migration. The issue enables remote authenticated users to obtain p...

2.1CVSS5.7AI score0.01327EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2009/07/05 4:0 p.m.62 views

CVE-2009-0904

The CVE-2009-0904 issue affects IBM WebSphere Application Server 6.1 before 6.1.0.25, specifically the Stax XMLStreamWriter in the Web Services component. The root cause is improper XML encoding handling, which can allow remote attackers to bypass access controls and potentially modify data via X...

6.4CVSS6.8AI score0.02022EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2009/06/08 1:0 a.m.23 views

Design/Logic Flaw

IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server WAS and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to...

4.6CVSS6.4AI score0.00945EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2009/06/08 1:0 a.m.14 views

CVE-2009-1953

IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server WAS and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to...

4.6CVSS6AI score0.00945EPSS
Exploits0References4
NVD
NVD
added 2009/06/03 5:0 p.m.19 views

CVE-2009-1901

The Security component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors...

10CVSS6.4AI score0.01541EPSS
Exploits0References5
NVD
NVD
added 2009/06/03 5:0 p.m.26 views

CVE-2009-1899

Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via...

10CVSS5.4AI score0.04254EPSS
Exploits0References9
Prion
Prion
added 2009/06/03 5:0 p.m.26 views

Code injection

Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via...

10CVSS5.7AI score0.04254EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2009/06/03 4:33 p.m.28 views

CVE-2009-1899

Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via...

5.4AI score0.04254EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2009/04/17 12:0 a.m.28 views

IBM WebSphere Application Server < 6.1.0.23 Multiple Vulnerabilities

Binary data 4996.prm...

10CVSS7.3AI score0.05979EPSS
Exploits1References11
securityvulns
securityvulns
added 2009/04/01 12:0 a.m.65 views

[DSECRG-09-013] IBM WebSphere Application Server 7.0 Multiple XSS Vulnerabilities

Digital Security Research Group DSecRG Advisory DSECRG-09-013 !!! official advisory: !!! http://dsecrg.com/pages/vul/DSECRG-09-013.html Application: IBM WebSphere Application Server Versions Affected: 7.0 and 6.1 Vendor URL: http://www.ibm.com/websphere/ Bug: Multiple XSS Vulnerabilities Exploits...

0.2AI score
Exploits0
NVD
NVD
added 2009/03/31 2:9 p.m.17 views

CVE-2009-1174

The Web Services Security component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors...

10CVSS6.4AI score0.02358EPSS
Exploits0References9
Cvelist
Cvelist
added 2009/03/31 10:0 a.m.20 views

CVE-2009-1174

The Web Services Security component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors...

6.4AI score0.02358EPSS
Exploits0References9
CVE
CVE
added 2009/03/31 10:0 a.m.64 views

CVE-2009-1174

IBM WebSphere Application Server shows a vulnerability in its Web Services Security XML digital-signature handling. Affected products/versions: WebSphere Application Server 6.0.2 prior to 6.0.2.35 and 7.0 prior to 7.0.0.3. Root cause: an unspecified security problem in the XML digital-signature s...

10CVSS6.6AI score0.02358EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2009/03/31 10:0 a.m.56 views

CVE-2009-1172

CVE-2009-1172 affects IBM WebSphere Application Server (WAS). The JAX-RPC WS-Security runtime in WAS 6.1 before 6.1.0.23 and WAS 7.0 before 7.0.0.3, with APAR PK41002 installed, does not properly validate UsernameToken objects. The initial description notes impact as unknown and does not provide ...

10CVSS6.5AI score0.01826EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2009/03/09 9:30 p.m.25 views

CVE-2009-0856

Multiple cross-site scripting XSS vulnerabilities in sample applications in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01263EPSS
Exploits0References7
Rows per page
Query Builder