Vulnerabilities > IBM > Websphere Application Server > 7.0.0.28

DATE CVE VULNERABILITY TITLE RISK
2016-10-22 CVE-2016-0377 Information Exposure vulnerability in IBM Websphere Application Server
The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-200
4.0
4.0
2016-10-05 CVE-2016-5983 Improper Access Control vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.
network
low complexity
ibm CWE-284
6.5
6.5
2016-10-01 CVE-2016-5986 Information Exposure vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-200
5.0
5.0
2016-09-01 CVE-2016-0385 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Websphere Application Server
Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
ibm CWE-119
3.5
3.5
2016-08-08 CVE-2016-2960 Improper Access Control vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.
network
ibm CWE-284
4.3
4.3
2016-07-03 CVE-2016-0359 HTTP Response Splitting vulnerability in IBM WebSphere Application Server
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
network
ibm
4.3
4.3
2014-10-19 CVE-2014-3021 Improper Input Validation vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method.
network
low complexity
ibm CWE-20
5.0
5.0
2014-01-16 CVE-2013-6330 Information Exposure vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
ibm CWE-200
3.5
3.5