5044 matches found
IBM Websphere Application Server 6.17.0 - Administrative Console Cross-Site Scripting
IBM Websphere Application Server 6.17.0 - Administrative Console Cross-Site Scripting source: https://www.securityfocus.com/bid/34001/info IBM WebSphere Application Server WAS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker m...
CVE-2009-0504
The CVE-2009-0504 issue affects IBM WebSphere Application Server 7.0.x (Web Services/WSPolicy). Before version 7.0.0.1, WSPolicy does not correctly recognize IDAssertion.isUsed, enabling local users to read a SOAP message and discover a password. The NVD entry notes a LOW impact with LOCAL access...
Information disclosure
The Installation Factory installation process for IBM WebSphere Application Server WAS 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file...
CVE-2009-0432
The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server WAS 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors...
Code injection
The 1 modibmssl and 2 modcgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server WAS, set incorrect permissions for AFUNIX sockets, which has unknown impact and local attack vectors...
CVE-2009-0435
Unspecified vulnerability in the IBM Asynchronous I/O aka AIO or libibmaio library in the Java Message Service JMS component in IBM WebSphere Application Server WAS 6.1.x before 6.1.0.17 on AIX 5.3 allows attackers to cause a denial of service daemon crash via vectors related to the aiogetioev2 a...
CVE-2009-0436
CVE-2009-0436 affects IBM HTTP Server integrated with WebSphere (was 6.0.x prior to 6.0.2.31; 6.1.x prior to 6.1.0.19). The mod_ibm_ssl and mod_cgid modules set incorrect permissions on AF_UNIX sockets. Impact is described as unknown and local access vectors are indicated; no public exploit detai...
CVE-2009-0435
IBM WebSphere Application Server 6.1.x on AIX 5.3 is affected by a denial-of-service vulnerability in the IBM JMS AIO/libibmaio library (aio_getioev2 and getEvent). The issue exists in WAS 6.1.x before 6.1.0.17 and can cause a daemon crash. Remediation: upgrade to WAS 6.1.0.17 or later Fix Pack t...
Code injection
Unspecified vulnerability in IBM WebSphere Application Server WAS 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors...
Security feature bypass
Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server WAS 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken."...
IBM WebSphere Application Server 6.1 < Fix Pack 19 Unspecified Vulnerability
Binary data 4685.prm...
CVE-2008-3236
Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server WAS 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted...
Information disclosure
Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server WAS 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted...
CVE-2008-3235
Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server WAS 5.1 before 5.1.1.19 has unknown impact and attack vectors...
CVE-2008-3236
Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server WAS 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted...
CVE-2008-3236
The vulnerability CVE-2008-3236 affects IBM WebSphere Application Server (WAS) 5.1 and earlier, in the Wsadmin within the System Management/Repository component. The root cause is that previously encrypted properties were not actually encrypted, enabling an attacker to obtain sensitive informatio...
CVE-2008-2550
IBM WebSphere Application Server 6.1 prior to 6.1.0.17 is affected by a vulnerability in the Web Services Security SOAP header attribute, with unspecified impact and attack vectors. The issue is associated with CVE-2008-2550. Public references note the vulnerability exists in WAS 6.1 before Fix P...
CVE-2008-0741
Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server WAS before 6.0.2 Fix Pack 25 6.0.2.25 has unknown impact and attack vectors...
CVE-2007-5944
Cross-site scripting XSS vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server WAS 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are...
IBM WebSphere Application Server navigateTree.do Multiple Vulnerabilities
The version of IBM WebSphere Application installed on the remote host fails to sanitize input to the 'keyField', 'nameField', 'valueField', and 'frameReturn' parameters of the 'uddigui/navigateTree.do' script before using it to generate dynamic content. An unauthenticated remote attacker may be...