| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-2566 | 310 | | | 2013-03-15 | 2013-04-19 | 2.6 | None | Remote | High | Not required | Partial | None | None | The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. |
| 2 | CVE-2012-0717 | 287 | | Bypass | 2012-06-20 | 2012-06-21 | 2.6 | None | Remote | High | Not required | None | Partial | None | IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors. |
| 3 | CVE-2011-5066 | 200 | | +Info | 2012-01-14 | 2012-02-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file. |
| 4 | CVE-2011-1356 | 200 | | +Info | 2011-07-19 | 2011-07-25 | 2.1 | None | Local | Low | Not required | Partial | None | None | IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request. |
| 5 | CVE-2011-1307 | 264 | | | 2011-03-08 | 2011-04-21 | 2.1 | None | Local | Low | Not required | Partial | None | None | The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173. |
| 6 | CVE-2010-0777 | 20 | | +Info | 2010-05-17 | 2010-05-26 | 2.6 | None | Remote | High | Not required | Partial | None | None | The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file. |
| 7 | CVE-2009-2743 | | | +Info | 2009-09-21 | 2010-12-30 | 2.1 | None | Local | Low | Not required | Partial | None | None | IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file. |
| 8 | CVE-2009-2089 | 16 | | +Info | 2009-08-13 | 2009-09-02 | 2.1 | None | Remote | High | Single system | Partial | None | None | The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file. |
| 9 | CVE-2009-2087 | 255 | | DoS | 2009-08-13 | 2009-08-14 | 2.1 | None | Local | Low | Not required | None | None | Partial | The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors. |
| 10 | CVE-2009-1173 | 264 | | | 2009-03-31 | 2009-06-16 | 2.1 | None | Local | Low | Not required | None | Partial | None | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were used. |
| 11 | CVE-2009-0504 | 200 | | +Info | 2009-02-17 | 2009-02-18 | 2.1 | None | Local | Low | Not required | Partial | None | None | WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message. |
| 12 | CVE-2009-0433 | | | DoS | 2009-02-10 | 2009-02-11 | 2.6 | None | Remote | High | Not required | None | None | Partial | Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash) via unknown vectors, related to a mishandling of client read failures in which clients receive many 500 HTTP error responses and backend servers are incorrectly labeled as down. |
| 13 | CVE-2008-0740 | 264 | | +Info | 2008-02-12 | 2009-09-01 | 2.1 | None | Local | Low | Not required | Partial | None | None | IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this file. |