IBM >> WebSphere Application Server Security Vulnerabilities
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
CVSS Score: 7.5 | EPSS Score: 0.011 | Published: 2001-09-19
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument.
CVSS Score: 5.0 | EPSS Score: 0.007 | Published: 2001-07-02
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters.
CVSS Score: 5.0 | EPSS Score: 0.072 | Published: 2001-07-02
Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error.
CVSS Score: 5.0 | EPSS Score: 0.049 | Published: 2001-03-13
Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header.
CVSS Score: 10.0 | EPSS Score: 0.085 | Published: 2000-11-14
IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.
CVSS Score: 5.0 | EPSS Score: 0.042 | Published: 2000-07-24
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2000-06-08
IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin.
CVSS Score: 7.2 | EPSS Score: 0.0 | Published: 1999-12-02

