CVE-2008-5412
IBM WebSphere Application Server 7 (Windows) is affected by CVE-2008-5412/CVE-2009-0438, where WAS 7 before 7.0.0.1 allows remote attackers to bypass authorization and read sensitive data from JSPs via a crafted request. The issue is described as unspecified in the 2008 entry, with later sources ...
CVE-2008-5412
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438...
CVE-2008-5411
CVE-2008-5411 affects IBM WebSphere Application Server (WAS) 7 before 7.0.0.1, where SSL traffic is sent over unsecured TCP, enabling remote attackers to sniff and obtain sensitive information. Root cause: SSL data transmitted without proper protocol protection. Impact: confidentiality compromise...
CVE-2008-5414
Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken."...
CVE-2008-5414
IBM WebSphere Application Server 7.0 before Fix Pack 1 (i.e., before 7.0.0.1) is affected by a vulnerability in the Feature Pack for Web Services Web Services Security component related to the userNameToken, potentially enabling information disclosure. Connective sources (NVD/NVD-derived content ...
IBM WebSphere Application Server 7.0 < Fix Pack 1
IBM WebSphere Application Server 7.0 before Fix Pack 1 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities. - The PerfServlet code writes sensitive information in the 'systemout.log' and ffdc files, provided Performance Monitoring Infrastructur...
Microsoft Internet Explorer XML Handling Remote Code Execution Vulnerability
Description: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Faile...
CVE-2008-5266
Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...
CVE-2008-5266
CVE-2008-5266 is an XSS in GlassFish 2 UR2 webadmin (configuration/httpListenerEdit.jsf) of Sun Java System Application Server 9.1_01 (build b09d-fcs) and 9.1_02 (build b04-fcs). Remote attackers can inject arbitrary script via the name parameter. CVSS v2 base score 4.3 (AV:N/AC:M/Au:N/I:P/C:N/A:...
IBM WebSphere Application Server < 6.0.2.31 Multiple Vulnerabilities
Binary data 4725.prm...
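IBM WebSphere Application Server Denial of Service and Security Restriction Bypass Vulnerabilities
BUGTRAQ ID: 31839 CVE(CAN) ID: CVE-2008-4678,CVE-2008-4679 IBM WebSphere Application Server is built on Java and a Servlet engine, supports multiple HTTP services, and helps users with all the work of developing, publishing and maintaining interactive dynamic websites. The HTTPRequestParser method in the HTTP Transport component of IBM WebSphere Application Server does not properly validate user-submitted HTTP requests. If a remote attacker includes an overly long HTTP Host header in a request, this can cause a denial of service (controller 0C4 abend and application hang). If Certificate Store...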
CVE-2008-4679
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object,...
CVE-2008-4678
The HTTPRequestParser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a...
CVE-2008-4678
The CVE-2008-4678 issue affects IBM WebSphere Application Server 6.0.2 prior to Fix Pack 6.0.2.31. The HTTP Transport’s HTTP_Request_Parser can be triggered by a long HTTP Host header, causing a denial of service (controller 0C4 abend and application hang). Root cause is a parsing/stack handling ...
Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
Description: Microsoft Windows is prone to a remote code-execution vulnerability that affects RPC (Remote Procedure Call) handling in the Server service. An attacker could exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete...
Oracle October 2008 Critical Patch Update Fixes Multiple Vulnerabilities
BUGTRAQ ID: 31683 CVE(CAN) ID:...
CVE-2008-3987
Unspecified vulnerability in the Oracle Discoverer Desktop component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors...