Ibm: >> Websphere Application Server Security Vulnerabilities
Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors.
CVSS Score
7.5
EPSS Score
0.007
Published
2007-04-11
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header.
CVSS Score
7.5
EPSS Score
0.011
Published
2007-03-22
SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.
CVSS Score
4.3
EPSS Score
0.002
Published
2007-03-20
IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs."
CVSS Score
4.3
EPSS Score
0.004
Published
2007-03-20
IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL."
CVSS Score
5.0
EPSS Score
0.004
Published
2007-03-20
Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.017
Published
2006-12-19
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."
CVSS Score
5.0
EPSS Score
0.01
Published
2006-12-19
Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831).
CVSS Score
10.0
EPSS Score
0.01
Published
2006-11-28
IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.012
Published
2006-11-28
Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360.
CVSS Score
10.0
EPSS Score
0.007
Published
2006-10-17