- Home
- CVEs with nessus.description==IBM WebSphere Application Server 6.1 before Fix Pack 25 appears to be
running on the remote host. As such, it is reportedly affected by
multiple vulnerabilities :
- Non-standard HTTP methods are allowed. (PK73246)
- An error in Single Sign-on (SSO) with SPNEGO
implementation could allow a remote attacker
to bypass security restrictions. (PK77465)
- 'wsadmin' is affected by a security exposure. (PK77495)
- Security flag 'isSecurityEnabled' is incorrectly set
after migrating from VMM. (PK78134)
- In certain cases sensitive information may appear in
migration trace. (PK78134)
- Use of insecure password obfuscation algorithm by Web
services could result in weaker than expected security
provided the client module specifies a password in
ibm-webservicesclient-bind.xmi and target environment
has custom password encryption enabled. (PK79275)
- Sensitive information might appear in trace files.
(PK80337)
- XML digital signature is affected by a security issue.
(PK80596)
- If CSIv2 Security is configured with Identity
Assertion, it may be possible for a remote
attacker to bypass security restrictions. (PK83097)
- IBM Stax XMLStreamWriter may write to an incorrect XML
file, and hence is susceptible to a XML fuzzing attack.
(PK84015)
- Configservice APIs could display sensitive information.
(PK84999)
- A security bypass caused by inbound requests that lack
a SOAPAction or WS-Addressing Action. (PK72138)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top