Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-12-31 | CVE-2002-2372 | Buffer Errors vulnerability in IBM Infoprint 21 1.047012: The telnet server in Infoprint 21 running controller software before 1.056007 allows remote attackers to cause a denial of service (crash) via a long username, possibly due to a buffer overflow. | 5.0 |
2002-12-31 | CVE-2002-2014 | Unspecified vulnerability in IBM Lotus Domino 5.0.8: Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks. | 5.0 |
2002-12-31 | CVE-2002-1822 | Information Disclosure vulnerability in IBM HTTP Server 1.0: IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error message when a request is made for a non-existent Java Server Page (JSP). | 5.0 |
2002-12-31 | CVE-2002-1624 | Buffer Overflow vulnerability in Lotus Domino HTTP Authentication Logging: Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters. | 5.0 |
2002-11-04 | CVE-2002-1169 | Denial Of Service vulnerability in IBM WebSphere Caching Proxy: IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash. | 5.0 |
2002-11-04 | CVE-2002-1168 | Unspecified vulnerability in IBM WebSphere Caching Proxy Server 3.6/4.0: Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains a Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response. | 6.8 |
2002-11-04 | CVE-2002-1167 | Cross-Site Scripting vulnerability in IBM WebSphere Edge Server 3.6/4.0: Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request. | 6.8 |
2002-10-28 | CVE-2002-1203 | Resource Management Errors vulnerability in IBM SecureWay Firewall 4.2/4.2.1: IBM SecureWay Firewall before 4.2.2 performs extra processing before determining that a packet is invalid and dropping it, which allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed TCP packets without any flags set. | 5.0 |
2002-10-28 | CVE-2002-1201 | Remote Empty TCP Flag Flood Denial Of Service vulnerability in IBM AIX 4.3.3/5: IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers. | 5.0 |
2002-10-11 | CVE-2002-1153 | Buffer Overflow vulnerability in IBM WebSphere Application Server 4.0.3: IBM WebSphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host". | 5.0 |