IBM » Websphere Application Server » 6.0.2 : Security Vulnerabilities, CVEs, (Denial of service)
IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.
Max CVSS
7.1
EPSS Score
1.82%
Published
2014-05-16
Updated
2017-08-29
Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
Max CVSS
5.0
EPSS Score
0.18%
Published
2011-03-08
Updated
2011-03-30
The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages.
Max CVSS
5.0
EPSS Score
0.18%
Published
2011-03-08
Updated
2011-04-07
Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call.
Max CVSS
5.0
EPSS Score
0.18%
Published
2011-03-08
Updated
2011-04-07
The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager.
Max CVSS
5.0
EPSS Score
0.15%
Published
2011-03-08
Updated
2011-04-07
mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload.
Max CVSS
4.3
EPSS Score
0.36%
Published
2010-06-18
Updated
2010-06-21
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request.
Max CVSS
5.0
EPSS Score
0.39%
Published
2010-05-17
Updated
2017-08-17
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components.
Max CVSS
5.0
EPSS Score
0.21%
Published
2010-05-17
Updated
2017-08-17
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake.
Max CVSS
4.0
EPSS Score
0.34%
Published
2010-04-01
Updated
2017-08-17
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash) via unknown vectors, related to a mishandling of client read failures in which clients receive many 500 HTTP error responses and backend servers are incorrectly labeled as down.
Max CVSS
2.6
EPSS Score
0.35%
Published
2009-02-10
Updated
2017-08-08
The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a "parse failure."
Max CVSS
7.8
EPSS Score
1.90%
Published
2008-10-22
Updated
2017-08-08
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak.
Max CVSS
7.8
EPSS Score
3.48%
Published
2007-06-19
Updated
2017-07-29
The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability.
Max CVSS
5.0
EPSS Score
0.50%
Published
2007-04-11
Updated
2011-03-07
13 vulnerabilities found