5044 matches found
CVE-2006-4223
IBM WebSphere Application Server WAS before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" PK23475, which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place...
CVE-2006-4223
CVE-2006-4223 affects IBM WebSphere Application Server (WAS) before version 6.0.2.13. The issue involves JSP source code exposure via context-dependent paths when ibm-web-ext.xmi sets fileServingEnabled to true or when ExtendedDocumentRoot places a JSP outside a WAR file. This allows an attacker ...
CVE-2006-4136
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving 1 "SOAP requests and responses", 2 mbean, 3 ThreadIdentitySupport, and possibly others...
CVE-2006-2435
Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls that may allow unintended execution of scripts."...
CVE-2006-2429
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers"...
CVE-2006-2431
Cross-site scripting XSS vulnerability in the 500 Internal Server Error page on the SOAP port 8880/tcp in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is...
CVE-2006-2436
WebSphere Application Server 5.0.2 or any earlier cumulative fix stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges...
CVE-2006-2429
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers"...
[SA17658] IBM WebSphere Application Server for z/OS Double-Free Vulnerability
TITLE: IBM WebSphere Application Server for z/OS Double-Free Vulnerability SECUNIA ADVISORY ID: SA17658 VERIFY ADVISORY: http://secunia.com/advisories/17658/ CRITICAL: Moderately critical IMPACT: Unknown WHERE: From remote SOFTWARE: IBM WebSphere Application Server 5.x...
[SA15598] WebSphere Application Server Administrative Console Buffer Overflow
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
IBM WebSphere Application Server Malformed Host Header JSP Source Disclosure
It is possible to make the remote web server disclose the source code of its JSP pages by requesting the pages with a nonexistent hostname in the HTTP 'Host' header request when WebSphere Application is sharing the document root of the web server. An attacker may use this flaw to get the source...
IBM Websphere 5.05.16.0 - Application Server Web Server Root JSP Source Code Disclosure
IBM Websphere 5.05.16.0 - Application Server Web Server Root JSP Source Code Disclosure source: https://www.securityfocus.com/bid/13160/info A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to...
[SA14274] IBM WebSphere Application Server JSP Source Code Disclosure
TITLE: IBM WebSphere Application Server JSP Source Code Disclosure SECUNIA ADVISORY ID: SA14274 VERIFY ADVISORY: http://secunia.com/advisories/14274/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: IBM WebSphere Application Server 6.x...
IBM WebSphere Application Server < 6.1.0.17 Unspecified Vulnerability
Binary data 4530.prm...
IBM WebSphere Application Server < 6.0.2.35 Multiple Vulnerabilities
Binary data 5076.prm...
CVE-2001-0962
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing...
CVE-2001-1189
IBM WebSphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, enabling local users to retrieve passwords via a JSP script. Affected software: IBM WebSphere Application Server prior to 3.5.3. Root cause: credentials stored in cleartext. Impact: loc...
CVE-2001-1189
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script...
CVE-2001-1189
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script...
IBM HTTP Server 1.3.x - Source Code Disclosure
IBM HTTP Server 1.3.x - Source Code Disclosure source: https://www.securityfocus.com/bid/3518/info Due to an input validation error in IBM HTTP Server for the AS/400, it is possible for a remote attacker to make a specially web crafted web request which will display script source code. If a '/' i...