Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:ibm:websphere_application_server:6.1.0.29
There are 100 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2011-1320

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation.

Published: March 08, 2011; 4:59:35 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-1319

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) token for authentication.

Published: March 08, 2011; 4:59:35 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2011-1318

Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.

Published: March 08, 2011; 4:59:35 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1317

Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger large responses.

Published: March 08, 2011; 4:59:35 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1316

The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1315

Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1314

The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1313

Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by requests associated with an ORB_Request::getACRWorkElementPtr function call.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1312

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2011-1311

The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2011-1310

The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2011-1309

The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-1308

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-1307

The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2011-0316

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request.

Published: January 11, 2011; 8:00:02 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-0315

Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application.

Published: January 11, 2011; 8:00:02 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-0785

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Published: November 09, 2010; 4:00:02 PM -0500
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2010-0783

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: November 09, 2010; 4:00:02 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-0781

Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL.

Published: September 21, 2010; 4:00:01 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2010-3186

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors.

Published: August 30, 2010; 4:00:02 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH