U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:ibm:websphere_application_server:6.0.2.15:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 72 matching records.
Displaying matches 61 through 72.
Vuln ID Summary CVSS Severity
CVE-2007-3262

Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak.

Published: June 19, 2007; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-3263

Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository."

Published: June 19, 2007; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-3264

Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors.

Published: June 19, 2007; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-3265

Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: June 19, 2007; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-1944

The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability.

Published: April 10, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-1945

Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors.

Published: April 10, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1608

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header.

Published: March 22, 2007; 7:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-6636

Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors.

Published: December 19, 2006; 3:28:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-6637

The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."

Published: December 19, 2006; 3:28:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-5323

Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360.

Published: October 17, 2006; 1:07:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-5324

The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka PK28374.

Published: October 17, 2006; 1:07:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4136

Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.

Published: August 14, 2006; 7:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH