9852 matches found
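IBM WebSphere Application Server Web Container GET Request Remote Denial-of-Service Vulnerability
CVE ID: CVE-2010-0776 IBM WebSphere Application Server is built on Java and a Servlet engine, supports multiple HTTP services, and helps users with all the work of developing, publishing, and maintaining interactive dynamic websites. The Web Container in WebSphere Application Server does not properly handle chunked transfer encoding during a call to response.sendRedirect; a remote attacker can cause a denial of service by submitting a malicious GET request. IBM Websphere Application Server 7.0 IBM Websphere Application Server 6.1 IBM Websphere Application Server 6....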
CVE-2010-1942
Unspecified vulnerability in the Servlet service in Fujitsu Limited Interstage Application Server 3.0 through 7.0, as used in Interstage Application Framework Suite, Interstage Business Application Server, and Interstage List Manager, allows attackers to obtain sensitive information or force...
Code injection
Unspecified vulnerability in the Servlet service in Fujitsu Limited Interstage Application Server 3.0 through 7.0, as used in Interstage Application Framework Suite, Interstage Business Application Server, and Interstage List Manager, allows attackers to obtain sensitive information or force...
CVE-2010-1942
The CVE-2010-1942 issue affects Fujitsu Interstage applications (Interstage Application Server 3.0–7.0 and related suites) via the Servlet service. The vulnerability arises from how certain requests are processed depending on load-balancer settings, potentially allowing invalid requests to be pro...
CVE-2010-0774
The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS7 and PKIPath tokens, which allows remote attackers to bypass intended access...
CVE-2010-0775
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager...
CVE-2010-0777
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading...
Design/Logic Flaw
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager...
Design/Logic Flaw
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request...
CVE-2010-0775
CVE-2010-0775 affects IBM WebSphere Application Server 6.0 (before 6.0.2.41), 6.1 (before 6.1.0.31), and 7.0 (before 7.0.0.11). A remote attacker can trigger a denial of service (memory consumption and daemon crash) by sending a crafted request, via the nodeagent and Deployment Manager components...
CVE-2010-0776
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request...
JVN#90248889: Interstage Application Server vulnerable in request processing
The Servlet service provided by the Interstage Application Server from Fujitsu Limited, contains a vulnerability where certain requests may be handled improperly depending on the settings at the load balancing device. Impact Invalid requests may be processed or user information may be leaked...
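IBM WebSphere Application Server -trace Option Information Disclosure Vulnerability
CVE ID: CVE-2010-1650 IBM WebSphere Application Server is built on Java and a Servlet engine, supports multiple HTTP services, and helps users with all the work of developing, publishing, and maintaining interactive dynamic websites. When the -trace option (also known as debugging mode) is enabled, debugging statements executed by WebSphere Application Server print string representations of certain objects, and local users can obtain sensitive information by reading the trace output. IBM Websphere Application Server 7.0.x IBM Websphere Application Server 6.1.x IBM Websphere Application Server...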
CVE-2010-1651
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by readi...
CVE-2010-1650
IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive...
Design/Logic Flaw
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by readi...
Design/Logic Flaw
IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive...