Show filters
33 Total Results
Displaying 21-30 of 33
Sort by:
Attacker Value
Unknown
CVE-2011-1309
Disclosure Date: March 08, 2011 (last updated October 04, 2023)
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.
0
Attacker Value
Unknown
CVE-2011-1311
Disclosure Date: March 08, 2011 (last updated October 04, 2023)
The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.
0
Attacker Value
Unknown
CVE-2011-1315
Disclosure Date: March 08, 2011 (last updated October 04, 2023)
Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call.
0
Attacker Value
Unknown
CVE-2011-1316
Disclosure Date: March 08, 2011 (last updated October 04, 2023)
The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages.
0
Attacker Value
Unknown
CVE-2011-1307
Disclosure Date: March 08, 2011 (last updated October 04, 2023)
The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173.
0
Attacker Value
Unknown
CVE-2010-1650
Disclosure Date: May 03, 2010 (last updated October 04, 2023)
IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output.
0
Attacker Value
Unknown
CVE-2010-1651
Disclosure Date: May 03, 2010 (last updated October 04, 2023)
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log.
0
Attacker Value
Unknown
CVE-2009-0904
Disclosure Date: July 05, 2009 (last updated October 04, 2023)
The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP requests.
0
Attacker Value
Unknown
CVE-2008-4285
Disclosure Date: February 17, 2009 (last updated October 04, 2023)
Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, when a component statistic is enabled, allows attackers to cause a denial of service (daemon crash) via vectors related to "a gradual degradation in performance."
0
Attacker Value
Unknown
CVE-2009-0436
Disclosure Date: February 10, 2009 (last updated October 04, 2023)
The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors.
0