CVE-2011-1309
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors...
CVE-2011-1313
Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by request...
CVE-2011-1307
The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173...
CVE-2011-1311
The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated...
CVE-2011-1312
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) gro...
CVE-2011-1308
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Design/Logic Flaw
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Code injection
The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages...
Authentication flaw
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) gro...
Design/Logic Flaw
The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated...
Memory corruption
Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger...
Design/Logic Flaw
The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173...
Double free
Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by request...
Session fixation
The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages...
CVE-2011-1318
CVE-2011-1318 affects IBM WebSphere Application Server (WAS) before 7.0.0.15. The vulnerability is a memory leak in org.apache.jasper.runtime.JspWriterImpl.response within the JSP component, which allows remote attackers to cause a denial of service (memory consumption) by repeatedly stopping and...
CVE-2011-1312
CVE-2011-1312 affects IBM WebSphere Application Server (WAS) Administrative Console. The vulnerability concerns WAS 6.1.0.x (before 6.1.0.31) and 7.x (before 7.0.0.15), where remote authenticated administrators could bypass access restrictions by mapping a (1) user or (2) group to an administrato...
CVE-2011-1317
CVE-2011-1317 affects IBM WebSphere Application Server (WAS) JSP component WASJSPStrBufferImpl, where a memory leak can be triggered by large JSP responses. Affects WAS 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15. Exploitation could lead to denial of service via memory consumption by sending ...