Show filters
8 Total Results
Displaying 1-8 of 8
Sort by:
Attacker Value
Unknown

CVE-2016-0377

Disclosure Date: October 22, 2016 (last updated November 25, 2024)
The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2016-5983

Disclosure Date: October 05, 2016 (last updated November 25, 2024)
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.
0
0
Attacker Value
Unknown

CVE-2016-5986

Disclosure Date: October 01, 2016 (last updated November 25, 2024)
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2016-0385

Disclosure Date: September 01, 2016 (last updated November 25, 2024)
Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2016-2960

Disclosure Date: August 08, 2016 (last updated November 25, 2024)
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.
0
0
Attacker Value
Unknown

CVE-2016-0359

Disclosure Date: July 03, 2016 (last updated November 25, 2024)
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
0
0
Attacker Value
Unknown

CVE-2014-3021

Disclosure Date: October 19, 2014 (last updated October 05, 2023)
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method.
0
0
Attacker Value
Unknown

CVE-2013-6330

Disclosure Date: January 16, 2014 (last updated October 05, 2023)
IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.
0
0