) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:websphere_application_server:3.0
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2006-3231 |
Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters." Published: June 27, 2006; 6:05:00 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2006-3232 |
Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "UserNameToken cache was improperly used." Published: June 27, 2006; 6:05:00 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
| CVE-2001-1189 |
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script. Published: December 13, 2001; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
| CVE-2001-0962 |
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. Published: September 19, 2001; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2000-0652 |
IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string. Published: July 24, 2000; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-1999-0852 |
IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin. Published: December 02, 1999; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |