Lucene search
+L

5044 matches found

Cvelist
Cvelist
added 2006/08/18 7:55 p.m.30 views

CVE-2006-4223

IBM WebSphere Application Server WAS before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" PK23475, which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place...

6.1AI score0.01361EPSS
Exploits0References8
CVE
CVE
added 2006/08/18 7:55 p.m.56 views

CVE-2006-4223

CVE-2006-4223 affects IBM WebSphere Application Server (WAS) before version 6.0.2.13. The issue involves JSP source code exposure via context-dependent paths when ibm-web-ext.xmi sets fileServingEnabled to true or when ExtendedDocumentRoot places a JSP outside a WAR file. This allows an attacker ...

5CVSS6.1AI score0.01361EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2006/08/14 11:0 p.m.27 views

CVE-2006-4136

Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving 1 "SOAP requests and responses", 2 mbean, 3 ThreadIdentitySupport, and possibly others...

6.9AI score0.01484EPSS
Exploits0References7
NVD
NVD
added 2006/05/17 10:6 a.m.21 views

CVE-2006-2435

Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls that may allow unintended execution of scripts."...

6.4CVSS6.4AI score0.02568EPSS
Exploits0References8
NVD
NVD
added 2006/05/17 10:6 a.m.18 views

CVE-2006-2429

Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers"...

10CVSS6.4AI score0.01941EPSS
Exploits0References7
NVD
NVD
added 2006/05/17 10:6 a.m.18 views

CVE-2006-2431

Cross-site scripting XSS vulnerability in the 500 Internal Server Error page on the SOAP port 8880/tcp in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is...

4.3CVSS5.6AI score0.03007EPSS
Exploits0References16
Cvelist
Cvelist
added 2006/05/17 10:0 a.m.26 views

CVE-2006-2436

WebSphere Application Server 5.0.2 or any earlier cumulative fix stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges...

6.7AI score0.01982EPSS
Exploits0References6
Cvelist
Cvelist
added 2006/05/17 10:0 a.m.22 views

CVE-2006-2429

Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers"...

6.4AI score0.01941EPSS
Exploits0References7
securityvulns
securityvulns
added 2005/11/23 12:0 a.m.33 views

[SA17658] IBM WebSphere Application Server for z/OS Double-Free Vulnerability

TITLE: IBM WebSphere Application Server for z/OS Double-Free Vulnerability SECUNIA ADVISORY ID: SA17658 VERIFY ADVISORY: http://secunia.com/advisories/17658/ CRITICAL: Moderately critical IMPACT: Unknown WHERE: From remote SOFTWARE: IBM WebSphere Application Server 5.x...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2005/06/03 12:0 a.m.30 views

[SA15598] WebSphere Application Server Administrative Console Buffer Overflow

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

0.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/04/14 12:0 a.m.1014 views

IBM WebSphere Application Server Malformed Host Header JSP Source Disclosure

It is possible to make the remote web server disclose the source code of its JSP pages by requesting the pages with a nonexistent hostname in the HTTP 'Host' header request when WebSphere Application is sharing the document root of the web server. An attacker may use this flaw to get the source...

5CVSS5.7AI score0.08639EPSS
Exploits0References2
exploitpack
exploitpack
added 2005/04/13 12:0 a.m.14 views

IBM Websphere 5.05.16.0 - Application Server Web Server Root JSP Source Code Disclosure

IBM Websphere 5.05.16.0 - Application Server Web Server Root JSP Source Code Disclosure source: https://www.securityfocus.com/bid/13160/info A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2005/02/14 12:0 a.m.33 views

[SA14274] IBM WebSphere Application Server JSP Source Code Disclosure

TITLE: IBM WebSphere Application Server JSP Source Code Disclosure SECUNIA ADVISORY ID: SA14274 VERIFY ADVISORY: http://secunia.com/advisories/14274/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: IBM WebSphere Application Server 6.x...

0.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/18 12:0 a.m.14 views

IBM WebSphere Application Server < 6.1.0.17 Unspecified Vulnerability

Binary data 4530.prm...

5CVSS7.3AI score0.01674EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2004/08/18 12:0 a.m.13 views

IBM WebSphere Application Server < 6.0.2.35 Multiple Vulnerabilities

Binary data 5076.prm...

10CVSS7.3AI score0.04254EPSS
Exploits0References6
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.25 views

CVE-2001-0962

IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing...

6.8AI score0.01588EPSS
Exploits0References4
CVE
CVE
added 2002/03/15 5:0 a.m.46 views

CVE-2001-1189

IBM WebSphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, enabling local users to retrieve passwords via a JSP script. Affected software: IBM WebSphere Application Server prior to 3.5.3. Root cause: credentials stored in cleartext. Impact: loc...

4.6CVSS6.5AI score0.00326EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2002/03/15 5:0 a.m.28 views

CVE-2001-1189

IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script...

6.1AI score0.00326EPSS
Exploits0References3
NVD
NVD
added 2001/12/13 5:0 a.m.19 views

CVE-2001-1189

IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script...

4.6CVSS6.1AI score0.00326EPSS
Exploits0References3
exploitpack
exploitpack
added 2001/11/08 12:0 a.m.27 views

IBM HTTP Server 1.3.x - Source Code Disclosure

IBM HTTP Server 1.3.x - Source Code Disclosure source: https://www.securityfocus.com/bid/3518/info Due to an input validation error in IBM HTTP Server for the AS/400, it is possible for a remote attacker to make a specially web crafted web request which will display script source code. If a '/' i...

7.5AI score
Exploits0
Rows per page
Query Builder