CVE-2005-3498

Public exploit
IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.
Max CVSS
4.3
EPSS Score
0.37%
Published
2005-11-04
Updated
2018-09-26
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.
Max CVSS
4.3
EPSS Score
0.08%
Published
2020-04-28
Updated
2021-07-21
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226.
Max CVSS
4.3
EPSS Score
0.08%
Published
2019-09-17
Updated
2022-11-30
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531.
Max CVSS
4.3
EPSS Score
0.09%
Published
2019-03-11
Updated
2019-10-09
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933.
Max CVSS
4.3
EPSS Score
0.16%
Published
2018-05-04
Updated
2018-06-06
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X-Force ID: 134931.
Max CVSS
4.3
EPSS Score
0.09%
Published
2018-03-14
Updated
2019-10-09
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.
Max CVSS
4.3
EPSS Score
1.88%
Published
2016-08-08
Updated
2017-08-16
IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception.
Max CVSS
4.3
EPSS Score
0.16%
Published
2016-11-24
Updated
2016-11-28
The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.11%
Published
2016-10-22
Updated
2017-08-16
The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Max CVSS
4.0
EPSS Score
0.12%
Published
2015-12-15
Updated
2016-12-07
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
Max CVSS
4.3
EPSS Score
0.21%
Published
2015-11-08
Updated
2016-12-07
IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors.
Max CVSS
4.4
EPSS Score
0.04%
Published
2015-07-14
Updated
2016-11-28
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Max CVSS
4.0
EPSS Score
0.11%
Published
2015-04-27
Updated
2015-11-30
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
4.3
EPSS Score
0.13%
Published
2015-03-24
Updated
2015-03-24
IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site.
Max CVSS
4.3
EPSS Score
0.23%
Published
2014-12-18
Updated
2017-09-08
Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
4.3
EPSS Score
0.18%
Published
2014-12-18
Updated
2017-09-08
The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Max CVSS
4.3
EPSS Score
0.31%
Published
2014-12-18
Updated
2017-09-08
IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.
Max CVSS
4.0
EPSS Score
0.11%
Published
2014-09-04
Updated
2017-08-29
callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Max CVSS
4.0
EPSS Score
0.11%
Published
2014-08-17
Updated
2017-08-29
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition.
Max CVSS
4.3
EPSS Score
0.45%
Published
2014-08-22
Updated
2017-08-29
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response.
Max CVSS
4.3
EPSS Score
0.45%
Published
2014-08-22
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure.
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-07-18
Updated
2017-08-29
IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request.
Max CVSS
4.3
EPSS Score
0.31%
Published
2014-05-01
Updated
2017-08-29
The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request.
Max CVSS
4.0
EPSS Score
0.16%
Published
2014-05-01
Updated
2017-08-29
IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL.
Max CVSS
4.3
EPSS Score
0.38%
Published
2014-05-01
Updated
2017-08-29
82 vulnerabilities found