Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 156 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2010-0777

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.

Published: May 17, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2010-0776

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request.

Published: May 17, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-0775

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components.

Published: May 17, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-0774

The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Published: May 17, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1651

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log.

Published: May 03, 2010; 9:51:52 AM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2010-1650

IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output.

Published: May 03, 2010; 9:51:52 AM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2010-0770

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake.

Published: April 01, 2010; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2010-0769

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.

Published: April 01, 2010; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2010-0768

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI.

Published: April 01, 2010; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1182

Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors.

Published: March 29, 2010; 4:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0563

The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.

Published: February 08, 2010; 4:30:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-2746

Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Published: November 16, 2009; 2:30:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-2743

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file.

Published: September 21, 2009; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2009-2092

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors.

Published: August 13, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-2091

The System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 on z/OS uses weak file permissions for new applications, which allows remote attackers to obtain sensitive information via unspecified vectors.

Published: August 13, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-2090

Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions (JMX) Management Beans (aka MBeans) access restrictions, and cause a denial of service (daemon stop), via unknown vectors.

Published: August 13, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-2089

The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file.

Published: August 13, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2009-2088

The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," related to a certain invokefilterscompatibility property.

Published: August 13, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-2087

The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors.

Published: August 13, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2009-2085

The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB).

Published: August 13, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH