9859 matches found

NVD
added 2011/03/08 9:59 p.m., 14 views

CVE-2011-1309

The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors...

CVSS 7.5 | AI score 6.3 | EPSS 0.01187
Exploits: 0 | References: 4
NVD
added 2011/03/08 9:59 p.m., 17 views

CVE-2011-1313

Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by request...

CVSS 5 | AI score 6.4 | EPSS 0.00926
Exploits: 0 | References: 2
NVD
added 2011/03/08 9:59 p.m., 15 views

CVE-2011-1307

The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173...

CVSS 2.1 | AI score 5.9 | EPSS 0.00306
Exploits: 0 | References: 4
NVD
added 2011/03/08 9:59 p.m., 24 views

CVE-2011-1311

The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated...

CVSS 6 | AI score 6.3 | EPSS 0.00857
Exploits: 0 | References: 2
NVD
added 2011/03/08 9:59 p.m., 26 views

CVE-2011-1312

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) gro...

CVSS 4 | AI score 6 | EPSS 0.01027
Exploits: 0 | References: 2
NVD
added 2011/03/08 9:59 p.m., 15 views

CVE-2011-1308

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 5.4 | EPSS 0.01086
Exploits: 0 | References: 5
Prion
added 2011/03/08 9:59 p.m., 19 views

Design/Logic Flaw

The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors...

CVSS 7.5 | AI score 6.9 | EPSS 0.01187
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2011/03/08 9:59 p.m., 20 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 5.7 | EPSS 0.01086
Exploits: 0 | References: 5 | Affected Software: 1
Prion
added 2011/03/08 9:59 p.m., 19 views

Code injection

The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages...

CVSS 5 | AI score 7 | EPSS 0.01631
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2011/03/08 9:59 p.m., 19 views

Authentication flaw

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) gro...

CVSS 4 | AI score 6.5 | EPSS 0.01027
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2011/03/08 9:59 p.m., 13 views

Design/Logic Flaw

The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated...

CVSS 6 | AI score 6.9 | EPSS 0.00857
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2011/03/08 9:59 p.m., 22 views

Memory corruption

Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger...

CVSS 5 | AI score 6.9 | EPSS 0.01105
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2011/03/08 9:59 p.m., 14 views

Design/Logic Flaw

The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173...

CVSS 2.1 | AI score 6.2 | EPSS 0.00343
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2011/03/08 9:59 p.m., 23 views

Double free

Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by request...

CVSS 5 | AI score 7 | EPSS 0.00926
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2011/03/08 9:59 p.m., 22 views

Session fixation

The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages...

CVSS 5 | AI score 6.9 | EPSS 0.01105
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2011/03/08 9:0 p.m., 62 views

CVE-2011-1318

CVE-2011-1318 affects IBM WebSphere Application Server (WAS) before 7.0.0.15. The vulnerability is a memory leak in org.apache.jasper.runtime.JspWriterImpl.response within the JSP component, which allows remote attackers to cause a denial of service (memory consumption) by repeatedly stopping and...

CVSS 5 | AI score 6.5 | EPSS 0.01105
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2011/03/08 9:0 p.m., 21 views

CVE-2011-1308

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

AI score 5.4 | EPSS 0.01086
Exploits: 0 | References: 5
Cvelist
added 2011/03/08 9:0 p.m., 27 views

CVE-2011-1309

The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors...

AI score 6.3 | EPSS 0.01187
Exploits: 0 | References: 4
CVE
added 2011/03/08 9:0 p.m., 64 views

CVE-2011-1312

CVE-2011-1312 affects IBM WebSphere Application Server (WAS) Administrative Console. The vulnerability concerns WAS 6.1.0.x (before 6.1.0.31) and 7.x (before 7.0.0.15), where remote authenticated administrators could bypass access restrictions by mapping a (1) user or (2) group to an administrato...

CVSS 4 | AI score 6.1 | EPSS 0.01027
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2011/03/08 9:0 p.m., 68 views

CVE-2011-1317

CVE-2011-1317 affects IBM WebSphere Application Server (WAS) JSP component WASJSPStrBufferImpl, where a memory leak can be triggered by large JSP responses. Affects WAS 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15. Exploitation could lead to denial of service via memory consumption by sending ...

CVSS 5 | AI score 6.5 | EPSS 0.01105
Exploits: 0 | References: 2 | Affected Software: 1