Websphere Application Server@6.1.0.15 Security Vulnerabilities and Issues — Websphere Application Server@6.1.0.15 CVE List

Lucene search

IbmWebsphere Application Server6.1.0.15

16 matches found

CVE•added 2010/06/24 5:30 p.m.•58 views

CVE-2010-0778

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS7.5AI score0.00202EPSS

CVE•added 2010/05/17 10:30 p.m.•57 views

CVE-2010-0776

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request.

5CVSS6.4AI score0.00527EPSS

CVE•added 2010/04/01 7:30 p.m.•54 views

CVE-2010-0769

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.

1.9CVSS5.9AI score0.00054EPSS

CVE•added 2010/11/09 9:0 p.m.•52 views

CVE-2010-0785

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6CVSS7AI score0.00265EPSS

CVE•added 2010/08/30 8:0 p.m.•52 views

CVE-2010-3186

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and re...

10CVSS6.6AI score0.019EPSS

CVE•added 2010/05/17 10:30 p.m.•51 views

CVE-2010-0777

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading ...

2.6CVSS5.9AI score0.0055EPSS

CVE•added 2010/05/03 1:51 p.m.•51 views

CVE-2010-1650

IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive ...

1.9CVSS5.9AI score0.00074EPSS

CVE•added 2010/04/01 7:30 p.m.•49 views

CVE-2010-0768

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI.

4.3CVSS5.6AI score0.0023EPSS

CVE•added 2010/04/01 7:30 p.m.•49 views

CVE-2010-0770

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake.

4CVSS6.1AI score0.00514EPSS

CVE•added 2010/05/17 10:30 p.m.•49 views

CVE-2010-0775

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager com...

5CVSS6.4AI score0.00527EPSS

CVE•added 2010/05/17 10:30 p.m.•47 views

CVE-2010-0774

The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access re...

4.3CVSS6.4AI score0.00142EPSS

CVE•added 2010/06/18 6:30 p.m.•47 views

CVE-2010-2327

mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (dae...

4.3CVSS6.6AI score0.00759EPSS

CVE•added 2010/06/24 5:30 p.m.•45 views

CVE-2010-0779

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.6AI score0.00202EPSS

CVE•added 2010/05/03 1:51 p.m.•44 views

CVE-2010-1651

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by rea...

1.9CVSS5.9AI score0.00049EPSS

CVE•added 2010/11/09 9:0 p.m.•43 views

CVE-2010-0783

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.6AI score0.00475EPSS

CVE•added 2010/09/21 8:0 p.m.•42 views

CVE-2010-0781

Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL.

4CVSS6.1AI score0.00514EPSS