
9871 matches found

Japan Vulnerability Notes
added 2013/01/25 12:0 a.m. | 16 views

JVN#24343509: WebSphere Application Server (WAS) vulnerable to cross-site scripting

WebSphere Application Server (WAS) provided by IBM contains a vulnerability in SnoopServlet, which may result in cross-site scripting. Impact: An arbitrary script may be executed on the user's web browser. Solution: Apply a patch. Apply the patch according to the information provided by the develope...

6.7 AI score
Exploits: 0

Tenable Nessus
added 2013/01/25 12:0 a.m. | 43 views

IBM WebSphere Application Server 7.0 < Fix Pack 27 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 before Fix Pack 27 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - A request validation error exists related to the proxy server component that could allow a remote attacker to cause the pro...

6.8 CVSS | 7.9 AI score | 0.02401 EPSS
Exploits: 0 | References: 10

RedHat Linux
added 2013/01/24 6:52 p.m. | 3 views

JBoss: twiddle.sh accepts credentials as command line arguments, exposing them to other local users via a process listing

twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments...

2.1 CVSS | 6.2 AI score | 0.00387 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2013/01/24 12:0 a.m. | 93 views

RHEL 4 : JBoss EAP (RHSA-2010:0376)

Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 4 as JBEAP 4.2.0.CP09. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability...

7.5 CVSS | 6.4 AI score | 0.79415 EPSS
Exploits: 35 | References: 8

CVE
added 2013/01/17 1:30 a.m. | 41 views

CVE-2012-1677

Technical details about CVE-2012-1677 are not publicly available in the provided documents. Monitor for updates from Oracle and CVE repositories for affected products, versions, and remediation.

4.3 CVSS | 6.1 AI score | 0.00985 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Atlassian
added 2013/01/15 3:23 a.m. | 17 views

Default application files available for download via the application server.

see: https://jira.atlassian.com/browse/JRA-31187 e.g. https://fisheye2.atlassian.com/s/1519/3/1.0//WEB-INF/ and https://fisheye2.atlassian.com/s/1519/3/1.0//WEB-INF/web.xml . FishEye shouldn't write any user data to the WEB-INF directory. The only files which are viewable there, should be the sam...

0.8 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2013/01/15 3:23 a.m. | 27 views

Default application files available for download via the application server.

see: https://jira.atlassian.com/browse/JRA-31187 e.g. https://fisheye2.atlassian.com/s/1519/3/1.0//WEB-INF/ and https://fisheye2.atlassian.com/s/1519/3/1.0//WEB-INF/web.xml . FishEye shouldn't write any user data to the WEB-INF directory. The only files which are viewable there, should be the sam...

0.8 AI score
Exploits: 0

seebug.org
added 2012/12/21 12:0 a.m. | 28 views

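IBM WebSphere Application Server for z/OS HTTP Server Component Arbitrary Command Execution Vulnerability

BUGTRAQ ID: 57010 CVECAN ID: CVE-2012-5955 WebSphere is IBM's integrated software platform. It includes the entire middleware infrastructure, such as servers, services and tools, needed to write, run and monitor round-the-clock, industrial-strength, on-demand Web applications and cross-platform, cross-product solutions. IBM WebSphere Application Server for z/OS 5.3 and other versions contain a security vulnerability in version 5.3 of the HTTP Server component that allows remote attackers to execute arbitrary commands. 0 IBM Websphere Application Server 5.x Vendor patch: IBM ---...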

10 CVSS | 6.3 AI score | 0.04397 EPSS
Exploits: 1

NVD
added 2012/12/20 12:2 p.m. | 17 views

CVE-2012-5955

Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors...

10 CVSS | 7.5 AI score | 0.04397 EPSS
Exploits: 1 | References: 2

NVD
added 2012/12/20 12:2 p.m. | 27 views

CVE-2012-3428

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

4.3 CVSS | 6.6 AI score | 0.0141 EPSS
Exploits: 0 | References: 8

Prion
added 2012/12/20 12:2 p.m. | 13 views

Code injection

Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors...

10 CVSS | 7.9 AI score | 0.04397 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2012/12/20 11:0 a.m. | 21 views

CVE-2012-5955

Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors...

7.5 AI score | 0.04397 EPSS
Exploits: 1 | References: 2

CVE
added 2012/12/20 11:0 a.m. | 71 views

CVE-2012-3428

The CVE-2012-3428 issue affects the IronJacamar container prior to 1.0.12.Final used with JBoss AS. When allow-multiple-users is enabled alongside a security domain, the credentials passed to getConnection are not used, potentially enabling an attacker to obtain access to an arbitrary datasource ...

4.3 CVSS | 6.6 AI score | 0.0141 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

CVE
added 2012/12/20 11:0 a.m. | 62 views

CVE-2012-5955

Technical details about CVE-2012-5955 are not publicly provided in the connected documents. Monitor for updates from IBM/NVD and vendors for affected versions, impact, and remediation.

10 CVSS | 7.7 AI score | 0.04397 EPSS
Exploits: 1 | References: 2 | Affected Software: 2

Cvelist
added 2012/12/20 11:0 a.m. | 26 views

CVE-2012-3428

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

6.6 AI score | 0.0141 EPSS
Exploits: 0 | References: 8

RedHat Linux
added 2012/12/18 10:43 p.m. | 73 views

Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 6.0.1 update

JBoss Enterprise Application Platform 6.0.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring...

10 CVSS | 6.8 AI score | 0.6477 EPSS
Exploits: 10 | References: 12

RedHat Linux
added 2012/12/18 10:23 p.m. | 58 views

Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 6.0.1 update

Updated JBoss Enterprise Application Platform 6.0.1 packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

10 CVSS | 6.3 AI score | 0.6477 EPSS
Exploits: 7 | References: 10

RedHat Linux
added 2012/12/18 10:17 p.m. | 8 views

JBoss: Datasource connection manager returns valid connection for wrong credentials when using security-domains

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

4.3 CVSS | 5.8 AI score | 0.0141 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2012/11/20 12:0 a.m. | 53 views

IBM WebSphere Application Server 8.5 < Fix Pack 1 Multiple Vulnerabilities

IBM WebSphere Application Server 8.5 before Fix Pack 1 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists related to the 'Eclipse Help System' that can allow arbitrary redirect responses to HTTP...

7.5 CVSS | 8.2 AI score | 0.0388 EPSS
Exploits: 5 | References: 23

ThreatPost
added 2012/11/19 7:53 p.m. | 7 views

Adobe Patches DoS Flaw in ColdFusion 10

Adobe has addressed a denial-of-service vulnerability in the ColdFusion platform and an update is available. ColdFusion is Adobe’s platform and application server used by developers to build Web applications. The security hotfix is for ColdFusion 10 Update 1 and above for the Windows operating...

1.4 AI score
Exploits: 0 | References: 5