
9863 matches found

RedHat Linux
added 2012/06/20 3:57 p.m., 39 views

Important: Red Hat Security Advisory: jbossas security update

An update for JBoss Enterprise Application Platform 4.3.0 CP10 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, whic...

CVSS: 7.5, AI score: 5.8, EPSS: 0.03521
Exploits: 1, References: 3

RedHat Linux
added 2012/06/20 3:56 p.m., 28 views

Important: Red Hat Security Advisory: jbossas security update

An update for JBoss Enterprise Application Platform 5.1.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which giv...

CVSS: 7.5, AI score: 5.8, EPSS: 0.03521
Exploits: 1, References: 3

NVD
added 2012/06/20 10:27 a.m., 19 views

CVE-2012-2170

The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request...

CVSS: 4.3, AI score: 5.8, EPSS: 0.02394
Exploits: 1, References: 3

Prion
added 2012/06/20 10:27 a.m., 20 views

Authentication flaw

IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors...

CVSS: 2.6, AI score: 7.1, EPSS: 0.01109
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2012/06/20 10:0 a.m., 21 views

CVE-2012-0716

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

AI score: 7.8, EPSS: 0.01812
Exploits: 0, References: 3

CVE
added 2012/06/20 10:0 a.m., 74 views

CVE-2012-0720

CVE-2012-0720 : In IBM WebSphere Application Server, the Administration Console of the Integration Solution Console is vulnerable to cross-site scripting due to improper validation of user-supplied input. A remote attacker can inject arbitrary script via a crafted URL, affecting WAS 7.0 installat...

CVSS: 4.3, AI score: 7.3, EPSS: 0.01812
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2012/06/20 10:0 a.m., 68 views

CVE-2012-0716

CVE-2012-0716 : IBM WebSphere Application Server 7.0 Administration Console has a cross-site scripting (XSS) vulnerability that can let an attacker inject script/HTML via the Administrative Console. Affected: WAS 7.0 prior to 7.0.0.23. Remediation: apply IBM Fix Pack 7.0.0.23 (or later) for WAS, ...

CVSS: 4.3, AI score: 7.3, EPSS: 0.01812
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2012/06/20 10:0 a.m., 28 views

CVE-2012-0720

Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

AI score: 7.8, EPSS: 0.01812
Exploits: 0, References: 3

Cvelist
added 2012/06/20 10:0 a.m., 25 views

CVE-2012-2170

The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request...

AI score: 5.8, EPSS: 0.02394
Exploits: 1, References: 3

CVE
added 2012/06/20 10:0 a.m., 82 views

CVE-2012-0717

CVE-2012-0717 affects IBM WebSphere Application Server 7.0 (prior to 7.0.0.23) where a specific SSLv2 configuration with client authentication can allow a remote attacker to bypass X.509 client-certificate authentication via unspecified vectors. The condition requires: SSL enabled (SSLEnable), SS...

CVSS: 2.6, AI score: 9.2, EPSS: 0.01109
Exploits: 1, References: 2, Affected Software: 1

Symantec
added 2012/06/12 12:0 a.m., 45 views

Microsoft XML Core Services CVE-2012-1889 Remote Code Execution Vulnerability

Description: Microsoft XML Core Services is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft XML Core Services versions 3.0,...

CVSS: 9.3, AI score: 0.2, EPSS: 0.83638
Exploits: 12, References: 3, Affected Software: 5

Saint
added 2012/06/04 12:0 a.m., 39 views

SAP NetWeaver Dispatcher DiagTraceR3Info Packet Parsing Vulnerability

Added: 06/04/2012. CVE: CVE-2012-2611. OSVDB: 81759. Background: SAP Netweaver is a technology platform for building and integrating SAP business applications. Problem: SAP Netweaver is vulnerable to a stack buffer overflow when configured with the developer trace level set to 2 or higher. The...

CVSS: 9.3, AI score: 9.6, EPSS: 0.41919
Exploits: 13

seebug.org
added 2012/06/04 12:0 a.m., 154 views

IBM WebSphere Application 7.0.0.23 Snoop Servlet Information Disclosure Vulnerability

Bugtraq ID: 53755. CVE ID: CVE-2012-2170. IBM WebSphere Application Server (WAS) is an application server developed and released by IBM in accordance with open standards such as Java EE, XML and Web Services. Compatible web servers include Apache HTTP Server, Netscape Enterprise Server, Microsoft Internet Information Services (IIS) and IBM HTTP Server. WAS 6.1, 7.0 and 8.0, when the default Application Snoop...

CVSS: 4.3, AI score: 9, EPSS: 0.02394
Exploits: 1

Cvelist
added 2012/05/21 8:0 p.m., 27 views

CVE-2012-2561

HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444...

AI score: 7.4, EPSS: 0.08659
Exploits: 0, References: 6

ATTACKERKB
added 2012/05/21 12:0 a.m., 16 views

HP Business Service Management Remote Code Execution

HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444. Recent assessments: wchen-r7 at Septembe...

CVSS: 10, AI score: 0.6, EPSS: 0.08659
Exploits: 0, References: 3

Nmap
added 2012/05/14 9:30 p.m., 148 views

ajp-request NSE Script

Requests a URI over the Apache JServ Protocol and displays the result or stores it in a file. Different AJP methods such as GET, HEAD, TRACE, PUT or DELETE may be used. The Apache JServ Protocol is commonly used by web servers to communicate with back-end Java application server containers. Scri...

CVSS: 10, AI score: 9.3, EPSS: 0.99448
Exploits: 33

OpenVAS
added 2012/05/11 12:0 a.m., 21 views

IBM WebSphere Application Server <= 8.0 Information Disclosure Vulnerability

IBM WebSphere Application Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS: 6.8, AI score: 6.3, EPSS: 0.01241
Exploits: 0, References: 3

Symantec
added 2012/05/08 12:0 a.m., 53 views

Microsoft Windows CVE-2012-0181 Local Privilege Escalation Vulnerability

Description: Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers or cause denial of servi...

CVSS: 7.2, AI score: 0.8, EPSS: 0.03401
Exploits: 1, Affected Software: 8

Prion
added 2012/05/01 7:55 p.m., 20 views

Design/Logic Flaw

The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a...

CVSS: 6.8, AI score: 6.5, EPSS: 0.01241
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2012/05/01 7:0 p.m., 18 views

CVE-2012-2162

The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a...

AI score: 6.1, EPSS: 0.01241
Exploits: 0, References: 3