- Home
- CVEs with nessus.description==IBM WebSphere Application Server 6.1 before Fix Pack 25 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities :
- Non-standard HTTP methods are allowed. (PK73246)
- An error in Single Sign-on (SSO) with SPNEGO implementation could allow a remote attacker to bypass security restrictions. (PK77465)
- 'wsadmin' is affected by a security exposure. (PK77495)
- Security flag 'isSecurityEnabled' is incorrectly set after migrating from VMM. (PK78134)
- In certain cases sensitive information may appear in migration trace. (PK78134)
- Use of insecure password obfuscation algorithm by Web services could result in weaker than expected security provided the client module specifies a password in ibm-webservicesclient-bind.xmi and target environment has custom password encryption enabled. (PK79275)
- Sensitive information might appear in trace files.
(PK80337)
- XML digital signature is affected by a security issue.
(PK80596)
- If CSIv2 Security is configured with Identity Assertion, it may be possible for a remote attacker to bypass security restrictions. (PK83097)
- IBM Stax XMLStreamWriter may write to an incorrect XML file, and hence is susceptible to a XML fuzzing attack.
(PK84015)
- Configservice APIs could display sensitive information.
(PK84999)
- A security bypass caused by inbound requests that lack a SOAPAction or WS-Addressing Action. (PK72138)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top