Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:ibm:websphere_application_server:6.1.0.37
There are 67 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2012-2162

The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.

Published: May 01, 2012; 3:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-0193

IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Published: January 19, 2012; 11:04:51 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1376

iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.

Published: January 19, 2012; 6:55:10 AM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2011-5066

The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file.

Published: January 14, 2012; 10:55:13 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2011-5065

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging.

Published: January 14, 2012; 10:55:12 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-1377

The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors.

Published: January 14, 2012; 10:55:12 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2011-1362

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1308.

Published: January 14, 2012; 10:55:12 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-1359

Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

Published: September 06, 2011; 11:55:02 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1356

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request.

Published: July 19, 2011; 4:55:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2011-1355

Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter.

Published: July 19, 2011; 4:55:00 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2010-3271

Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.

Published: July 18, 2011; 6:55:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-1209

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack."

Published: May 04, 2011; 6:55:03 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-1318

Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.

Published: March 08, 2011; 4:59:35 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1316

The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1315

Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1314

The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1311

The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2011-1309

The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-1308

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-1307

The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173.

Published: March 08, 2011; 4:59:34 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW