Vulnerabilities > IBM > Websphere Application Server > 6.0.2.21

DATE CVE VULNERABILITY TITLE RISK
2012-01-20 CVE-2012-0193 Improper Input Validation vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
network
low complexity
ibm CWE-20
5.0
2011-04-13 CVE-2011-1683 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors.
network
ibm CWE-264
6.8
2010-06-24 CVE-2010-0779 Cross-Site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2010-06-18 CVE-2010-2327 Improper Input Validation vulnerability in IBM Websphere Application Server
mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload.
network
ibm CWE-20
4.3
2010-05-17 CVE-2010-0777 Improper Input Validation vulnerability in IBM Websphere Application Server
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.
network
high complexity
ibm CWE-20
2.6
2010-05-17 CVE-2010-0776 Improper Input Validation vulnerability in IBM Websphere Application Server
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request.
network
low complexity
ibm CWE-20
5.0
2010-05-17 CVE-2010-0775 Resource Management Errors vulnerability in IBM Websphere Application Server
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components.
network
low complexity
ibm CWE-399
5.0
2010-05-17 CVE-2010-0774 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server
The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
network
ibm CWE-264
4.3
2010-05-03 CVE-2010-1650 Cryptographic Issues vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output.
local
ibm CWE-310
1.9
2010-04-01 CVE-2010-0770 Resource Management Errors vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake.
network
low complexity
ibm CWE-399
4.0