application server vulnerabilities and exploits
IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 220.127.116.11 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges....
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 18.104.22.168 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434....
The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 22.214.171.124 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified...
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 126.96.36.199, 6.1.x before 188.8.131.52, and 7.0.x before 184.108.40.206, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by...
CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 220.127.116.11 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors....
Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 18.104.22.168 and earlier 5.x versions, 6.0.x before 22.214.171.124, and 6.1.x before 126.96.36.199 allows remote attackers to redirect users to arbitrary web sites and conduct phishing...
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 188.8.131.52 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identified by PK25199, and "Potential security exposure" issues as...
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows...
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 184.108.40.206, 220.127.116.11, 18.104.22.168, and 22.214.171.124 has unknown impact and remote attack vectors related to "HTTP request handlers"....
Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 126.96.36.199 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not...