CVE-2010-1651
IBM WebSphere Application Server (WAS) is affected by CVE-2010-1651: when Basic authentication and SIP tracing are enabled, SIP trace logs contain the complete inbound/outbound SIP messages, allowing a local attacker to read sensitive information. Affected versions are WAS 6.1.x prior to 6.1.0.31...
CVE-2010-1650
CVE-2010-1650 affects IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11. When WAS is run with the -trace (debugging) option enabled, it prints string representations of unspecified objects, allowing a local attacker to read trace output...
CVE-2010-1651
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by readi...
Red Hat JBoss Products Multiple Vulnerabilities (jmx-console) - Active Check
Red Hat JBoss products are prone to multiple vulnerabilities, including an information-disclosure issue and multiple authentication-bypass issues. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective...
IBM WebSphere Application Server < 6.1.0.31, 7.x < 7.0.0.11 Information Disclosure Vulnerability
IBM WebSphere Application Server is prone to an information disclosure vulnerability.
JBoss Application Server Web Console Authentication bypass
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an...
JBoss Enterprise Application Platform Multiple Vulnerabilities
JBoss Enterprise Application Platform is prone to multiple vulnerabilities, including an information-disclosure issue and multiple authentication-bypass issues. An attacker can exploit these issues to bypass certain security restrictions to obtain sensitive information or gain...
Update Protection against SAP GUI SAPBExCommonResources ActiveX Command Execution
A buffer overflow vulnerability has been reported in SAP GUI, the GUI client in SAP's 3-tier architecture of database, application server and client. The vulnerability exists in the SAP GUI SAPBExCommonResources ActiveX control. The vulnerability may allow remote attackers to execute arbitrary...
Microsoft Windows Kernel Registry Key Symbolic Link Local Privilege Escalation Vulnerability
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Fail...
IBM WebSphere Application Server 7.0 < Fix Pack 9
IBM WebSphere Application Server 7.0 before Fix Pack 9 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities: - An unspecified cross-site scripting vulnerability in the Administration Console. (PK97376) - An error when defining a wsadmin scripting...
IBM WebSphere Application Server 6.0 < 6.0.2.25 Multiple Vulnerabilities
IBM WebSphere Application Server 6.0.x before Fix Pack 25 appears to be running on the remote host. Such versions are reportedly affected by multiple vulnerabilities. - An unspecified vulnerability in the Administrative Console involving monitor role users. (PK45768) - WebSphere Application Server...
IBM WebSphere Application Server 6.0 < 6.0.2.19 HTTP Response Splitting
IBM WebSphere Application Server 6.0.x before Fix Pack 19 appears to be running on the remote host. Such versions are reportedly affected by an HTTP response splitting vulnerability because the application fails to properly sanitize user-supplied data to an unspecified parameter and script. C...
IBM WebSphere Application Server 6.1 < 6.1.0.7 Multiple Vulnerabilities
IBM WebSphere Application Server 6.1 before Fix Pack 7 appears to be running on the remote host. As such, it is reportedly affected by the following vulnerabilities: - An unspecified denial of service vulnerability in the Java Message Service (JMS). - An unspecified vulnerability in the Servlet...
IBM WebSphere Application Server 6.0 < 6.0.2.21 Multiple Vulnerabilities
IBM WebSphere Application Server 6.0.x before Fix Pack 21 appears to be running on the remote host. Such versions are reportedly affected by multiple vulnerabilities. - The web container sends response data intended for a different request in certain circumstances after a closed connection error...
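IBM WebSphere Application Server wsadmin Script Execution Information Disclosure Vulnerability
CVE ID: CVE-2010-0769 IBM WebSphere Application Server is built on Java and a servlet engine, supports multiple HTTP services, and helps users with all the work of developing, publishing and maintaining interactive dynamic websites. WebSphere Application Server does not correctly define wsadmin scripting J2CConnectionFactory objects; a local user can obtain the KeyRingPassword password by reading a cleartext field in the resources.xml file. IBM Websphere Application Server 7.0.x IBM Websphere Application Server 6.1.x IBM Websphe...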
Default credentials
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file...
Design/Logic Flaw
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake...
CVE-2010-0770
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake...
CVE-2010-0769
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file...
CVE-2010-0768
CVE-2010-0768 is an XSS flaw in IBM WebSphere Application Server Administration Console. Affected products are WAS 6.0 before 6.0.2.41, WAS 6.1 before 6.1.0.31, and WAS 7.0 before 7.0.0.9, where arbitrary web script or HTML could be injected via the URI. Public sources in connected documents corr...