Vulnerabilities > IBM > Websphere Application Server > 6.0.2.10

DATE CVE VULNERABILITY TITLE RISK
2011-04-13 CVE-2011-1683 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors.
network
ibm CWE-264
6.8
2010-05-17 CVE-2010-0777 Improper Input Validation vulnerability in IBM Websphere Application Server
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.
network
high complexity
ibm CWE-20
2.6
2010-05-17 CVE-2010-0776 Improper Input Validation vulnerability in IBM Websphere Application Server
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request.
network
low complexity
ibm CWE-20
5.0
2010-05-17 CVE-2010-0775 Resource Management Errors vulnerability in IBM Websphere Application Server
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components.
network
low complexity
ibm CWE-399
5.0
2010-05-17 CVE-2010-0774 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server
The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
network
ibm CWE-264
4.3
2010-05-03 CVE-2010-1650 Cryptographic Issues vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output.
local
ibm CWE-310
1.9
2009-11-16 CVE-2009-2746 Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server
Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
ibm CWE-352
6.8
2009-09-08 CVE-2009-3106 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server
The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application.
network
low complexity
ibm CWE-264
5.0
2009-07-14 CVE-2009-0217 Authentication Bypass vulnerability in IETF and W3C XML Digital Signature Specification HMAC Truncation
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
network
low complexity
ibm mono-project oracle
5.0
2009-06-03 CVE-2009-1901 Multiple Security vulnerability in IBM WebSphere Application Server
The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors.
network
low complexity
ibm
critical
10.0