Vulnerabilities > IBM > Websphere Application Server > 6.0.2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-05-17 | CVE-2010-0777 | Improper Input Validation vulnerability in IBM Websphere Application Server The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file. | 2.6 |
| 2010-05-17 | CVE-2010-0776 | Improper Input Validation vulnerability in IBM Websphere Application Server The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request. | 5.0 |
| 2010-05-17 | CVE-2010-0775 | Resource Management Errors vulnerability in IBM Websphere Application Server Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components. | 5.0 |
| 2010-05-17 | CVE-2010-0774 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | 4.3 |
| 2010-05-03 | CVE-2010-1650 | Cryptographic Issues vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output. | 1.9 |
| 2010-04-01 | CVE-2010-0770 | Resource Management Errors vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake. | 4.0 |
| 2010-04-01 | CVE-2010-0769 | Credentials Management vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file. | 1.9 |
| 2010-04-01 | CVE-2010-0768 | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI. | 4.3 |
| 2009-11-16 | CVE-2009-2746 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 6.8 |
| 2009-09-08 | CVE-2009-3106 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application. | 5.0 |