Vulnerabilities > IBM > Websphere Application Server > 5.1.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-17 | CVE-2006-2431 | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. | 4.3 |
2006-05-17 | CVE-2006-2430 | Remote Security vulnerability in Websphere Application Server IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges. | 10.0 |
2005-12-31 | CVE-2005-4834 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container. | 5.0 |
2005-11-04 | CVE-2005-3498 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information. | 4.3 |
2005-07-05 | CVE-2005-2091 | Cross-Site Scripting vulnerability in Websphere Application Server 5.0/5.1.0 IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." network ibm | 4.3 |
2005-05-02 | CVE-2005-1112 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine. | 5.0 |
2005-05-02 | CVE-2005-0425 | Remote Security vulnerability in Websphere Application Server 5.0/5.1.0/6.0 Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine. | 5.0 |