Search Results (470 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-7164 3 Ibm, Linux, Unix 3 Websphere Application Server, Linux Kernel, Unix 2026-04-23 N/A
SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.
CVE-2009-1901 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors.
CVE-2007-3262 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak.
CVE-2007-3397 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information.
CVE-2008-4678 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a "parse failure."
CVE-2009-2087 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors.
CVE-2007-1944 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability.
CVE-2007-1608 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header.
CVE-2009-0504 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.
CVE-2009-2085 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB).
CVE-2006-5323 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360.
CVE-2007-4833 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK44789.
CVE-2007-5798 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.
CVE-2007-5799 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.
CVE-2008-2550 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header.
CVE-2007-6679 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected.
CVE-2008-4283 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2008-4284 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature.
CVE-2008-4285 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, when a component statistic is enabled, allows attackers to cause a denial of service (daemon crash) via vectors related to "a gradual degradation in performance."
CVE-2006-7198 1 Ibm 2 Racf, Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123.