Ibm Websphere Application Server vulnerabilities

CVE-2007-5798 [MEDIUM] CWE-79 CVE-2007-5798: Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user cons Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.

CVE-2007-5799 [MEDIUM] CWE-352 CVE-2007-5799: Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI us Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.

CVE-2007-5483 [CRITICAL] CVE-2007-5483: Unspecified vulnerability in the Administrative Scripting Tools (such as wsadmin or ANT) in IBM WebS Unspecified vulnerability in the Administrative Scripting Tools (such as wsadmin or ANT) in IBM WebSphere Application Server 5.x and 6.0.x has unknown impact and attack vectors.

CVE-2007-4839 [HIGH] CVE-2007-4839: Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1 be Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK33803.

CVE-2007-4833 [MEDIUM] CVE-2007-4833: Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server (WAS) 6.1 before Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK44789.

CVE-2007-3960 [CRITICAL] CVE-2007-3960: Multiple unspecified vulnerabilities in IBM WebSphere Application Server (WAS) before Fix Pack 21 (6 Multiple unspecified vulnerabilities in IBM WebSphere Application Server (WAS) before Fix Pack 21 (6.0.2.21) have unknown impact and attack vectors, aka (1) PK33799, or (2) a "Potential security exposure" in the Samples component (PK40213).

CVE-2007-3397 [MEDIUM] CVE-2007-3397: The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0. The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information.

CVE-2007-3264 [CRITICAL] CVE-2007-3264: Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0. Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors.

CVE-2007-3263 [CRITICAL] CVE-2007-3263: Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WA Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository."

CVE-2007-3262 [HIGH] CVE-2007-3262: Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WA Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak.

CVE-2007-3265 [MEDIUM] CVE-2007-3265: Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Serve Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2006-7198 [CRITICAL] CVE-2006-7198: Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/O Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123.

CVE-2007-1945 [HIGH] CVE-2007-1945: Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (W Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors.

CVE-2007-1944 [MEDIUM] CWE-119 CVE-2007-1944: The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attac The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability.

CVE-2007-1608 [HIGH] CVE-2007-1608: CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header.

CVE-2006-7164 [MEDIUM] CVE-2006-7164: SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does n SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.

CVE-2006-7166 [MEDIUM] CVE-2006-7166: IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP sou IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL."

CVE-2006-7165 [MEDIUM] CVE-2006-7165: IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP sou IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs."

CVE-2006-6636 [CRITICAL] CVE-2006-6636: Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5 Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors.

CVE-2006-6637 [MEDIUM] CWE-200 CVE-2006-6637: The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."