Note: This project will be discontinued after December 13, 2021.

Product: Websphere_application_server (Ibm)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 414 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2002-10-11 | CVE-2002-1153 | IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host". | Websphere_application_server | N/A | ||
2001-12-13 | CVE-2001-1189 | IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script. | Websphere_application_server | N/A | ||
2001-09-19 | CVE-2001-0962 | IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. | Websphere_application_server, Websphere_commerce_suite | N/A | ||
2001-12-06 | CVE-2001-0824 | Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page. | Websphere_application_server | N/A | ||
2001-07-02 | CVE-2001-0390 | IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters. | Net\.commerce, Net\.commerce_hosting_server, Websphere_application_server | N/A | ||
2001-07-02 | CVE-2001-0389 | IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument. | Net\.commerce, Websphere_application_server | N/A | ||
2001-03-13 | CVE-2001-0122 | Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error. | Http_server, Websphere_application_server | N/A | ||
2000-11-14 | CVE-2000-0848 | Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header. | Websphere_application_server | N/A | ||
2000-07-24 | CVE-2000-0652 | IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string. | Websphere_application_server | N/A | ||
1999-12-02 | CVE-1999-0852 | IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin. | Websphere_application_server | N/A | ||