Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
IbmWebsphere Application Server6.1.0.13

65 matches found

CVE
CVEadded 2010/09/21 8:0 p.m.42 views

CVE-2010-0781

Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL.

4CVSS6.1AI score0.00514EPSS
CVE
CVEadded 2009/08/13 6:30 p.m.41 views

CVE-2009-2087

The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial ...

2.1CVSS6.3AI score0.00036EPSS
CVE
CVEadded 2009/03/31 2:9 p.m.39 views

CVE-2009-0892

The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.

5.5CVSS6.5AI score0.00377EPSS
CVE
CVEadded 2009/07/05 4:30 p.m.39 views

CVE-2009-0904

The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP ...

6.4CVSS6.8AI score0.00249EPSS
CVE
CVEadded 2009/08/13 6:30 p.m.39 views

CVE-2009-2088

The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," ...

7.5CVSS6.9AI score0.00554EPSS
CVE
CVEadded 2009/03/09 9:30 p.m.38 views

CVE-2009-0856

Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00463EPSS
CVE
CVEadded 2009/09/21 7:30 p.m.38 views

CVE-2009-2743

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure D...

2.1CVSS5.6AI score0.00064EPSS
CVE
CVEadded 2009/03/31 2:9 p.m.37 views

CVE-2009-1172

The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.

10CVSS6.5AI score0.01334EPSS
CVE
CVEadded 2009/09/21 7:30 p.m.37 views

CVE-2009-2742

Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input.

4.3CVSS5.5AI score0.0023EPSS
CVE
CVEadded 2009/02/10 10:30 p.m.36 views

CVE-2009-0434

PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) sys...

1.9CVSS5.5AI score0.00302EPSS
CVE
CVEadded 2009/02/10 10:30 p.m.35 views

CVE-2009-0433

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash) via unknown vectors, related to a mishandli...

2.6CVSS6.5AI score0.00708EPSS
CVE
CVEadded 2009/11/16 7:30 p.m.35 views

CVE-2009-2746

Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified...

6.8CVSS6.9AI score0.00155EPSS
CVE
CVEadded 2009/06/25 1:30 a.m.34 views

CVE-2009-0903

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remot...

7.5CVSS6.7AI score0.00402EPSS
CVE
CVEadded 2008/09/16 11:0 p.m.33 views

CVE-2008-4111

Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors.

9.3CVSS6.3AI score0.0104EPSS
CVE
CVEadded 2009/02/10 10:30 p.m.33 views

CVE-2009-0436

The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors.

7.2CVSS6.4AI score0.00058EPSS
Total number of security vulnerabilities65