Ibm: >> Websphere Application Server >> 3.0.2 Security Vulnerabilities
Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters."
CVSS Score
4.3
EPSS Score
0.008
Published
2006-06-27
Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "UserNameToken cache was improperly used."
CVSS Score
10.0
EPSS Score
0.005
Published
2006-06-27
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.
CVSS Score
4.6
EPSS Score
0.001
Published
2001-12-13
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page.
CVSS Score
7.5
EPSS Score
0.008
Published
2001-12-06
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
CVSS Score
7.5
EPSS Score
0.011
Published
2001-09-19
Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header.
CVSS Score
10.0
EPSS Score
0.085
Published
2000-11-14
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
CVSS Score
7.5
EPSS Score
0.007
Published
2000-06-08
Page 6