12 matches found
EUVD-2016-3996
Malware in sbrugna...
Security Bulletin: IBM i Integrated Web Application Server version 8.5 is affected by vulnerabilities CVE-2016-0359 and CVE-2016-2923.
Summary IBM i Integrated Web Application Server version 8.5 is affected by the following vulnerabilities CVE-2016-0359 and CVE-2016-2923. Vulnerability Details CVEID: CVE-2016-0359 DESCRIPTION: IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. A remote attacker...
Security Bulletin: Information disclosure in WebSphere Application Server Liberty affects IBM MessageSight (CVE-2016-2923)
Summary There is an information disclosure vulnerability in IBM WebSphere Application Server Liberty. IBM WebSphere Application Server Liberty is used by IBM MessageSight. IBM MessageSight has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-2923 DESCRIPTION: IBM WebSphere...
Security Bulletin: IBM Streams may be impacted by a vulnerability in WebSphere Liberty (CVE-2016-2923)
Summary There is an information disclosure vulnerability in IBM WebSphere Application Server Liberty for any users of the JAX-RS API which may impact IBM Streams. The IBM Streams team has addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-2923 DESCRIPTION: IBM WebSphere Applicati...
Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud
Summary There is an information disclosure vulnerability in IBM WebSphere Application Server Liberty for any users of the JAX-RS API. Apache Struts vulnerabilities affect WebSphere Application Server Administration Console. Vulnerability Details Please consult the security bulletins for...
Security Bulletin: Several vulnerabilities affect Liberty for Java for IBM Bluemix (CVE-2016-2923, CVE-2016-2945, CVE-2016-0359)
Summary There is an information disclosure vulnerability in IBM WebSphere Application Server Liberty for any users of the JAX-RS API. There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents. The...
Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix
Summary There is an XML External Entity Injection (XXE) vulnerability in the Apache Standard Taglibs that affects IBM WebSphere Application Server. There is an information disclosure vulnerability in IBM WebSphere Application Server Liberty for any users of the JAX-RS API. There is a potential for...
Security Bulletin: Information disclosure in WebSphere Application Server Liberty (CVE-2016-2923)
Summary There is an information disclosure vulnerability in IBM WebSphere Application Server Liberty for any users of the JAX-RS API. Vulnerability Details CVEID: CVE-2016-2923 DESCRIPTION: IBM WebSphere Application Server Liberty using JAX-RS API could allow a remote attacker to obtain sensitive...
IBM WebSphere Application Server Liberty Multiple Liberty Vulnerabilities (Jul 2016)
IBM WebSphere Application Server Liberty is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2016-2923
IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script acces...
Design/Logic Flaw
IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script acces...
CVE-2016-2923
IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script acces...