Websphere Application Server@5.0.2.15 Security Vulnerabilities and Issues — Websphere Application Server@5.0.2.15 CVE List

Lucene search

IbmWebsphere Application Server5.0.2.15

16 matches found

CVE•added 2011/03/08 9:59 p.m.•51 views

CVE-2011-1315

Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call.

5CVSS6.5AI score0.00808EPSS

CVE•added 2011/03/08 9:59 p.m.•50 views

CVE-2011-1318

Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly st...

5CVSS6.5AI score0.00527EPSS

CVE•added 2011/03/08 9:59 p.m.•49 views

CVE-2011-1314

The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager.

5CVSS6.5AI score0.00458EPSS

CVE•added 2011/03/08 9:59 p.m.•48 views

CVE-2011-1316

The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages.

5CVSS6.5AI score0.00527EPSS

CVE•added 2009/02/10 10:30 p.m.•47 views

CVE-2008-4284

Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutEx...

5.8CVSS6.8AI score0.00365EPSS

CVE•added 2006/06/27 10:5 a.m.•42 views

CVE-2006-3231

Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters."

4.3CVSS6.7AI score0.00842EPSS

CVE•added 2011/07/18 10:55 p.m.•42 views

CVE-2010-3271

Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security...

6.8CVSS7AI score0.00985EPSS

CVE•added 2011/03/08 9:59 p.m.•42 views

CVE-2011-1311

The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated u...

6CVSS6.5AI score0.00301EPSS

CVE•added 2011/03/08 9:59 p.m.•41 views

CVE-2011-1309

The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.

7.5CVSS6.5AI score0.00401EPSS

CVE•added 2011/03/08 9:59 p.m.•40 views

CVE-2011-1307

The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173.

2.1CVSS6AI score0.00052EPSS

CVE•added 2012/05/01 7:55 p.m.•40 views

CVE-2012-2162

The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-mi...

6.8CVSS6.2AI score0.0054EPSS

CVE•added 2006/06/27 10:5 a.m.•39 views

CVE-2006-3232

Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "UserNameToken cache was improperly used."

10CVSS6.7AI score0.00528EPSS

CVE•added 2007/03/20 10:19 a.m.•39 views

CVE-2006-7164

SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.

4.3CVSS6.5AI score0.002EPSS

CVE•added 2011/03/08 9:59 p.m.•38 views

CVE-2011-1308

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.5AI score0.00295EPSS

CVE•added 2007/03/20 10:19 a.m.•33 views

CVE-2006-7166

IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL."

5CVSS6.7AI score0.00343EPSS

CVE•added 2009/02/10 10:30 p.m.•33 views

CVE-2008-4283

CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

10CVSS6.9AI score0.00499EPSS