Vulnerabilities > IBM > Websphere Application Server > 6.0.2.22

DATE CVE VULNERABILITY TITLE RISK
2009-06-03 CVE-2009-1901 Multiple Security vulnerability in IBM WebSphere Application Server
The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors.
network
low complexity
ibm
critical
 10.0
10
2009-06-03 CVE-2009-1900 Information Exposure vulnerability in IBM Websphere Application Server
The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting tool.
network
low complexity
ibm CWE-200
5.0
5.0
2009-06-03 CVE-2009-1899 Multiple Security vulnerability in IBM WebSphere Application Server
Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via unknown use of the wsadmin scripting tool, related to a "security exposure in wsadmin."
network
low complexity
ibm
critical
 10.0
10
2009-06-03 CVE-2009-1898 Information Exposure vulnerability in IBM Websphere Application Server
The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network.
network
low complexity
ibm CWE-200
5.0
5.0
2009-03-25 CVE-2009-0891 Improper Authentication vulnerability in IBM Websphere Application Server
The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.
network
low complexity
ibm CWE-287
5.5
5.5
2009-02-25 CVE-2009-0506 Local vulnerability in IBM WebSphere Application z/OS CSLv2 Identity Assertion
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks.
local
high complexity
ibm
6.2
6.2
2009-02-17 CVE-2009-0504 Information Exposure vulnerability in IBM Websphere Application Server
WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.
local
low complexity
ibm CWE-200
2.1
2.1
2009-02-10 CVE-2009-0436 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server
The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors.
local
low complexity
ibm CWE-264
7.2
7.2
2009-02-10 CVE-2009-0434 Information Exposure vulnerability in IBM Websphere Application Server
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files.
local
ibm CWE-200
1.9
1.9
2009-02-10 CVE-2009-0433 Multiple vulnerability in IBM WebSphere Application Server
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash) via unknown vectors, related to a mishandling of client read failures in which clients receive many 500 HTTP error responses and backend servers are incorrectly labeled as down.
network
high complexity
ibm
2.6
2.6