Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:websphere_application_server:6.1.0.33
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-1315 |
Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call. Published: March 08, 2011; 4:59:34 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-1314 |
The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager. Published: March 08, 2011; 4:59:34 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-1313 |
Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by requests associated with an ORB_Request::getACRWorkElementPtr function call. Published: March 08, 2011; 4:59:34 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-1311 |
The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service. Published: March 08, 2011; 4:59:34 PM -0500 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2011-1310 |
The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files. Published: March 08, 2011; 4:59:34 PM -0500 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2011-1309 |
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors. Published: March 08, 2011; 4:59:34 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-1308 |
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: March 08, 2011; 4:59:34 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1307 |
The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173. Published: March 08, 2011; 4:59:34 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2011-0316 |
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request. Published: January 11, 2011; 8:00:02 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-0315 |
Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application. Published: January 11, 2011; 8:00:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-0785 |
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Published: November 09, 2010; 4:00:02 PM -0500 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2010-0783 |
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: November 09, 2010; 4:00:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-2325 |
Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." Published: June 18, 2010; 2:30:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-2324 |
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. Published: June 18, 2010; 2:30:01 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2010-2323 |
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT. Published: June 18, 2010; 2:30:01 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-0504 |
WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message. Published: February 17, 2009; 12:30:05 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2008-5413 |
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434. Published: December 09, 2008; 7:30:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-5412 |
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438. Published: December 09, 2008; 7:30:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-5411 |
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. Published: December 09, 2008; 7:30:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |