Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Filtered by product Websphere Application Server
Total 420 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-2328 1 Ibm 1 Websphere Application Server 2024-02-28 5.0 MEDIUM N/A
The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression.
CVE-2011-1307 1 Ibm 1 Websphere Application Server 2024-02-28 2.1 LOW N/A
The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173.
CVE-2011-1376 1 Ibm 1 Websphere Application Server 2024-02-28 4.6 MEDIUM N/A
iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.
CVE-2010-2087 3 Caucho, Ibm, Oracle 3 Resin, Websphere Application Server, Mojarra 2024-02-28 4.3 MEDIUM N/A
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
CVE-2010-0776 1 Ibm 1 Websphere Application Server 2024-02-28 5.0 MEDIUM N/A
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request.
CVE-2012-0707 1 Ibm 1 Websphere Application Server 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with a document attachment control section.
CVE-2011-1320 1 Ibm 1 Websphere Application Server 2024-02-28 6.8 MEDIUM N/A
The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation.
CVE-2011-1313 1 Ibm 1 Websphere Application Server 2024-02-28 5.0 MEDIUM N/A
Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by requests associated with an ORB_Request::getACRWorkElementPtr function call.
CVE-2011-1356 1 Ibm 1 Websphere Application Server 2024-02-28 2.1 LOW N/A
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request.
CVE-2010-0777 1 Ibm 1 Websphere Application Server 2024-02-28 2.6 LOW N/A
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.
CVE-2011-1311 1 Ibm 1 Websphere Application Server 2024-02-28 6.0 MEDIUM N/A
The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.
CVE-2011-1315 1 Ibm 1 Websphere Application Server 2024-02-28 5.0 MEDIUM N/A
Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call.
CVE-2011-0316 1 Ibm 1 Websphere Application Server 2024-02-28 5.0 MEDIUM N/A
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request.
CVE-2011-1683 1 Ibm 2 Websphere Application Server, Z\/os 2024-02-28 6.8 MEDIUM N/A
IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors.
CVE-2010-2326 1 Ibm 1 Websphere Application Server 2024-02-28 4.3 MEDIUM N/A
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file.
CVE-2011-1322 1 Ibm 1 Websphere Application Server 2024-02-28 5.0 MEDIUM N/A
The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages.
CVE-2008-7274 1 Ibm 1 Websphere Application Server 2024-02-28 4.3 MEDIUM N/A
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password.
CVE-2011-1362 1 Ibm 1 Websphere Application Server 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1308.
CVE-2010-0563 1 Ibm 1 Websphere Application Server 2024-02-28 5.0 MEDIUM N/A
The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.
CVE-2011-1309 1 Ibm 1 Websphere Application Server 2024-02-28 7.5 HIGH N/A
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.