) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ibm:websphere_application_server:6.1.7:*:*:*:*:*:*:*
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2010-1650 |
IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output. Published: May 03, 2010; 9:51:52 AM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |
| CVE-2009-0504 |
WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message. Published: February 17, 2009; 12:30:05 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
| CVE-2009-0435 |
Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libibmaio) library in the Java Message Service (JMS) component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.17 on AIX 5.3 allows attackers to cause a denial of service (daemon crash) via vectors related to the aio_getioev2 and getEvent methods. Published: February 10, 2009; 5:30:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2008-4284 |
Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature. Published: February 10, 2009; 5:30:00 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
| CVE-2008-5413 |
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434. Published: December 09, 2008; 7:30:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2008-5412 |
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438. Published: December 09, 2008; 7:30:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
| CVE-2008-5411 |
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. Published: December 09, 2008; 7:30:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2008-0389 |
Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors. Published: January 22, 2008; 9:00:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |