Filtered by vendor Ibm
Subscriptions
Filtered by product Websphere Application Server
Subscriptions
Total
417 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-1632 | 2 Apache, Ibm | 6 Axis2, Geronimo, Orchestration Director Engine and 3 more | 2024-08-07 | N/A |
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService. | ||||
CVE-2010-0785 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2010-0776 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request. | ||||
CVE-2010-0769 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file. | ||||
CVE-2010-0770 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake. | ||||
CVE-2010-0768 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI. | ||||
CVE-2010-0779 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2010-0774 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
CVE-2010-0786 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incorrectly encoded data. | ||||
CVE-2010-0784 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2010-0775 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components. | ||||
CVE-2010-0778 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2010-0777 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file. | ||||
CVE-2010-0783 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2010-0781 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL. | ||||
CVE-2011-5065 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging. | ||||
CVE-2011-4889 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581. | ||||
CVE-2011-1362 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1308. | ||||
CVE-2011-1359 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | ||||
CVE-2011-1376 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations. |