Websphere Application Server@6.1 Security Vulnerabilities and Issues — Page 2 of Websphere Application Server@6.1 CVE List

Lucene search

IbmWebsphere Application Server6.1

72 matches found

CVE•added 2011/03/08 9:59 p.m.•42 views

CVE-2011-1311

The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated u...

6CVSS6.5AI score0.00301EPSS

CVE•added 2009/08/13 6:30 p.m.•41 views

CVE-2009-2087

The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial ...

2.1CVSS6.3AI score0.00036EPSS

CVE•added 2011/03/08 9:59 p.m.•41 views

CVE-2011-1309

The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.

7.5CVSS6.5AI score0.00401EPSS

CVE•added 2011/03/08 9:59 p.m.•40 views

CVE-2011-1307

The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173.

2.1CVSS6AI score0.00052EPSS

CVE•added 2012/01/15 3:55 a.m.•40 views

CVE-2011-5065

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging.

4.3CVSS5.5AI score0.00478EPSS

CVE•added 2012/05/01 7:55 p.m.•40 views

CVE-2012-2162

The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-mi...

6.8CVSS6.2AI score0.0054EPSS

CVE•added 2009/03/31 2:9 p.m.•39 views

CVE-2009-0892

The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.

5.5CVSS6.5AI score0.00377EPSS

CVE•added 2009/07/05 4:30 p.m.•39 views

CVE-2009-0904

The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP ...

6.4CVSS6.8AI score0.00249EPSS

CVE•added 2009/08/13 6:30 p.m.•39 views

CVE-2009-2088

The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," ...

7.5CVSS6.9AI score0.00554EPSS

CVE•added 2009/03/09 9:30 p.m.•38 views

CVE-2009-0856

Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00463EPSS

CVE•added 2009/09/21 7:30 p.m.•38 views

CVE-2009-2743

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure D...

2.1CVSS5.6AI score0.00064EPSS

CVE•added 2011/03/08 9:59 p.m.•38 views

CVE-2011-1308

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.5AI score0.00295EPSS

CVE•added 2008/01/23 2:0 a.m.•37 views

CVE-2008-0389

Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.

10CVSS6.4AI score0.01377EPSS

CVE•added 2009/03/31 2:9 p.m.•37 views

CVE-2009-1172

The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.

10CVSS6.5AI score0.01334EPSS

CVE•added 2009/09/21 7:30 p.m.•37 views

CVE-2009-2742

Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input.

4.3CVSS5.5AI score0.0023EPSS

CVE•added 2009/02/10 10:30 p.m.•36 views

CVE-2009-0434

PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) sys...

1.9CVSS5.5AI score0.00302EPSS

CVE•added 2008/01/10 2:46 a.m.•35 views

CVE-2007-6679

Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected.

10CVSS6.3AI score0.01325EPSS

CVE•added 2009/02/17 5:30 p.m.•35 views

CVE-2008-4285

Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, when a component statistic is enabled, allows attackers to cause a denial of service (daemon crash) via...

5CVSS6.3AI score0.00408EPSS

CVE•added 2009/02/10 10:30 p.m.•35 views

CVE-2009-0433

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash) via unknown vectors, related to a mishandli...

2.6CVSS6.5AI score0.00708EPSS

CVE•added 2009/06/25 1:30 a.m.•34 views

CVE-2009-0903

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remot...

7.5CVSS6.7AI score0.00402EPSS

CVE•added 2008/09/16 11:0 p.m.•33 views

CVE-2008-4111

Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors.

9.3CVSS6.3AI score0.0104EPSS

CVE•added 2009/02/10 10:30 p.m.•33 views

CVE-2009-0436

The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors.

7.2CVSS6.4AI score0.00058EPSS

Total number of security vulnerabilities72