JVN#24343509: WebSphere Application Server (WAS) vulnerable to cross-site scripting
WebSphere Application Server (WAS) provided by IBM contains a vulnerability in SnoopServlet, which may result in cross-site scripting. Impact: An arbitrary script may be executed on the user's web browser. Solution: Apply a patch. Apply the patch according to the information provided by the develope...
IBM WebSphere Application Server 7.0 < Fix Pack 27 Multiple Vulnerabilities
IBM WebSphere Application Server 7.0 before Fix Pack 27 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - A request validation error exists related to the proxy server component that could allow a remote attacker to cause the pro...
JBoss: twiddle.sh accepts credentials as command line arguments, exposing them to other local users via a process listing
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments...
RHEL 4 : JBoss EAP (RHSA-2010:0376)
Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 4 as JBEAP 4.2.0.CP09. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability...
CVE-2012-1677
Technical details about CVE-2012-1677 are not publicly available in the provided documents. Monitor for updates from Oracle and CVE repositories for affected products, versions, and remediation.
Default application files available for download via the application server.
see: https://jira.atlassian.com/browse/JRA-31187 e.g. https://fisheye2.atlassian.com/s/1519/3/1.0//WEB-INF/ and https://fisheye2.atlassian.com/s/1519/3/1.0//WEB-INF/web.xml . FishEye shouldn't write any user data to the WEB-INF directory. The only files which are viewable there, should be the sam...
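IBM WebSphere Application Server for z/OS HTTP Server Component Arbitrary Command Execution Vulnerability
BUGTRAQ ID: 57010 CVECAN ID: CVE-2012-5955 WebSphere is IBM's integrated software platform. It includes the entire middleware infrastructure, such as servers, services, and tools, needed to write, run, and monitor around-the-clock, industrial-strength, on-demand Web applications and cross-platform, cross-product solutions. IBM WebSphere Application Server for z/OS 5.3 and other versions contain a security vulnerability in version 5.3 of the HTTP Server component that allows remote attackers to execute arbitrary commands. 0 IBM Websphere Application Server 5.x Vendor patch: IBM ---...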
CVE-2012-5955
Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors...
CVE-2012-3428
The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...
Code injection
Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors...
CVE-2012-3428
The CVE-2012-3428 issue affects the IronJacamar container prior to 1.0.12.Final used with JBoss AS. When allow-multiple-users is enabled alongside a security domain, the credentials passed to getConnection are not used, potentially enabling an attacker to obtain access to an arbitrary datasource ...
CVE-2012-5955
Technical details about CVE-2012-5955 are not publicly provided in the connected documents. Monitor for updates from IBM/NVD and vendors for affected versions, impact, and remediation.
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 6.0.1 update
JBoss Enterprise Application Platform 6.0.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 6.0.1 update
Updated JBoss Enterprise Application Platform 6.0.1 packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...
JBoss: Datasource connection manager returns valid connection for wrong credentials when using security-domains
The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...
IBM WebSphere Application Server 8.5 < Fix Pack 1 Multiple Vulnerabilities
IBM WebSphere Application Server 8.5 before Fix Pack 1 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists related to the 'Eclipse Help System' that can allow arbitrary redirect responses to HTTP...
Adobe Patches DoS Flaw in ColdFusion 10
Adobe has addressed a denial-of-service vulnerability in the ColdFusion platform and an update is available. ColdFusion is Adobe’s platform and application server used by developers to build Web applications. The security hotfix is for ColdFusion 10 Update 1 and above for the Windows operating...