IBM Support

WebSphere Application Server and IBM HTTP Server Security Bulletin List

Question & Answer


Question

Is there a list that contains the security bulletins that apply to WebSphere Application Server and IBM HTTP Server?

Answer

The following tables are provided to help you locate WebSphere Application Server and IBM HTTP Server security bulletins. Within each year, entries are listed numerically by CVE number, not by the last one published.

Note: The IBM Java runtime included with WebSphere Application Server provides an execution environment for non-IBM code. While the tables below include all IBM Java vulnerabilities related to the WebSphere Application Server product, there might be additional IBM Java vulnerabilities that affect non-IBM code running in your WebSphere Application Server environment. For a listing of all IBM Java security bulletins, refer to IBM Java Security Alerts. To determine the Java SDK version used with WebSphere Application Server, refer to Verify Java SDK version shipped with WebSphere Application Server.

To avoid preventable security issues, it is recommended that you stay up to date on the most current maintenance options for your products. You can also subscribe to the security bulletins for each of your products through IBM Security Bulletins.

When significant updates have been made to a security bulletin, the date of the last update is noted in the bulletin columns.

2019 CVEs

Name | CVE | CVSS Score | WebSphere Application Server Bulletin or Assessment | IBM HTTP Server Bulletin or Assessment | Versions Affected
CVE-2019-10098 3.7 Not affected Phishing attack 9.0, 8.5, 8.0, 7.0
CVE-2019-10092 4.7 Not affected Cross-site scripting 9.0, 8.5, 8.0, 7.0
CVE-2019-9518 7.5 Denial of Service Not affected Liberty
CVE-2019-9517 7.5 Denial of Service Not affected Liberty
CVE-2019-9515 7.5 Denial of Service Not affected Liberty
CVE-2019-9514 7.5 Denial of Service Not affected Liberty
CVE-2019-9513 7.5 Denial of Service Not affected Liberty
CVE-2019-9512 7.5 Denial of Service Not affected Liberty
CVE-2019-4505 3.7 Information Disclosure Not affected 9.0, 8.5, 7.0 Virtual Enterprise
CVE-2019-4477 5.3 Information Disclosure Not affected 9.0, 8.5, 8.0, 7.0
CVE-2019-4442 4.3 Path Traversal Not affected 9.0, 8.5, 8.0, 7.0
CVE-2019-4441 5.3 Information disclosure Not affected 9.0, 8.5, 8.0, 7.0 Liberty
CVE-2019-4305 5.3 Information disclosure Not affected Liberty
CVE-2019-4304 6.3 Bypass security Not affected Liberty
CVE-2019-4285 5.4 Clickjacking vulnerability Not affected Liberty
CVE-2019-4279 9.0 Remote Code Execution Not affected 9.0, 8.5, 7.0 Virtual Enterprise
CVE-2019-4271 3.5 HTTP Parameter Pollution Not affected 9.0, 8.5, 7.0 Virtual Enterprise
CVE-2019-4270 5.4 Cross-site scripting Not affected 9.0, 8.5, 8.0, 7.0
CVE-2019-4269 5.3 Information Disclosure Not affected 9.0
CVE-2019-4268 5.3 Path Traversal Not affected 9.0, 8.5, 8.0, 7.0
CVE-2019-4080 6.5 Denial of Service Not affected 9.0, 8.5, 8.0, 7.0
CVE-2019-4046 5.9 Denial of Service Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2019-4030 5.4 Cross-site scripting Not affected 9.0, 8.5, 8.0VE, 7.0VE
CVE-2019-2426 3.7 IBM Java SDK for January 2019 CPU Not affected 9.0, 8.5, Liberty
CVE-2019-0220 5.3 Not affected Weaker Security 9.0, 8.5, 8.0, 7.0
CVE-2019-0211 8.2 Not affected Privilege Escalation 9.0

2018 CVEs

Name | CVE | CVSS Score | WebSphere Application Server Bulletin or Assessment | IBM HTTP Server Bulletin or Assessment | Versions Affected
N/A 8.1 Remote code execution in JSF Not affected 8.5, 8.0, 7.0
CVE-2018-20843 3.3 Not affected Denial of service 9.0, 8.5, 8.0, 9.0
CVE-2018-17199 5.3 Not affected Bypass security 9.0
CVE-2018-12547 9.8 IBM Java SDK for January 2019 CPU Not affected 9.0, 8.5, Liberty
CVE-2018-12539 8.4 IBM Java SDK for July 2018 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2018-10237 7.5 Not affected 9.0, 8.5, Liberty
CVE-2018-8039 7.5 Man-in-the-Middle Not affected 9.0 Liberty
CVE-2018-3180 5.6 IBM Java SDK for October 2018 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2018-3139 3.1 IBM Java SDK for October 2018 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2018-2800 4.2 IBM Java SDK for April 2018 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2018-2783 7.4 IBM Java SDK for April 2018 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2018-2637 7.4 IBM Java SDK for January 2018 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2018-2634 6.8 IBM Java SDK for January 2018 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2018-2633 8.3 IBM Java SDK for January 2018 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2018-2603 5.3 IBM Java SDK for January 2018 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2018-2602 4.5 IBM Java SDK for January 2018 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2018-2579 3.7 IBM Java SDK for January 2018 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2018-1996 5.3 Weaker Security Not affected 9.0, 8.5, 8.0, 7.0
CVE-2018-1957 4.0 Information Disclosure Not affected 9.0
CVE-2018-1926 4.3 Cross-site Request Forgery Not affected 9.0, 8.5
CVE-2018-1905 7.1 XXE vulnerability Not affected 9.0
CVE-2018-1904 8.1 Remote Code execution Not affected 9.0, 8.5, 8.0, 7.0
CVE-2018-1902 3.1 Spoofing Vulnerability Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2018-1901 5.0 Privilege Escalation Not affected 9.0, 8.5, Liberty
CVE-2018-1890 5.6 IBM Java SDK for January 2019 CPU Not affected 9.0, 8.5, Liberty
CVE-2018-1851 7.3 Code execution Not affected Liberty
CVE-2018-1840 6.0 Privilege escalation Not affected 9.0, 8.5

CVE-2018-1798 6.1 Cross-site scripting Not affected 9.0, 8.5, 8.0, 7.0
CVE-2018-1797 6.3 Directory traversal Not affected 9.0, 8.5, 8.0, 7.0
CVE-2018-1794 6.1 Cross-site scripting Not affected 9.0, 8.5, 8.0, 7.0
CVE-2018-1793 6.1 Cross-site scripting Not affected 9.0, 8.5, 8.0, 7.0
CVE-2018-1777 5.4 Cross-site scripting Not affected 9.0, 8.5, 8.0, 7.0
CVE-2018-1770 6.5 Directory traversal Not affected 9.0, 8.5, 8.0, 7.0
CVE-2018-1767 6.1 Cross-site scripting Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2018-1755 5.9 Information Disclosure Not affected Liberty
CVE-2018-1719 5.9 Weaker security Not affected 9.0, 8.5
CVE-2018-1695 7.3 Spoofing vulnerability Not affected 8.5, 8.0, 7.0
CVE-2018-1683 5.9 Information disclosure Not affected Liberty
CVE-2018-1656 7.4 IBM Java SDK for July 2018 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2018-1643 6.1 Cross-site Scripting Not affected 9.0, 8.5, 8.0
CVE-2018-1626 4.3 Cross-site Request Forgery Not affected 9.0, 8.5
CVE-2018-1621 4.4 Information disclosure Not affected 9.0, 8.5, 8.0, 7.0
CVE-2018-1614 5.8 Information disclosure Not affected 9.0, 8.5, 8.0, 7.0
CVE-2018-1567 9.8 Code execution Not affected 9.0, 8.5, 8.0, 7.0
CVE-2018-1553 5.3 Information disclosure Not affected Liberty
CVE-2018-1447 5.1 Not affected Vulnerability in GSKit Component 9.0, 8.5, 8.0, 7.0
CVE-2018-1427 6.2 Not affected Vulnerability in GSKit Component 9.0, 8.5, 8.0, 7.0
CVE-2018-1426 7.4 Not affected Vulnerability in GSKit Component 9.0, 8.5, 8.0, 7.0
ROBOT CVE-2018-1388 9.1 Not affected Information Disclosure 7.0
CVE-2018-1301 5.3 Not affected Denial of service 9.0, 8.5, 8.0, 7.0

2017 CVEs

Name | CVE | CVSS Score | WebSphere Application Server Bulletin or Assessment | IBM HTTP Server Bulletin or Assessment | Versions Affected
CVE-2017-15715 3.7 Not affected Weaker security 9.0, 8.5, 8.0, 7.0
CVE-2017-15710 5.3 Not affected Denial of Service 9.0, 8.5, 8.0, 7.0
CVE-2017-12624 5.3 Denial of Service Not affected 9.0, Liberty
CVE-2017-12618 5.5 Not affected Denial of Service 9.0, 8.5, 8.0, 7.0
CVE-2017-12613 9.1 Not affected Denial of Service 9.0, 8.5, 8.0, 7.0
CVE-2017-10388 7.5 IBM Java SDK for October 2017 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2017-10356 6.2 IBM Java SDK for October 2017 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2017-10116 8.3 IBM Java SDK for July 2017 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2017-10115 7.5 IBM Java SDK for July 2017 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2017-10102 9.0 IBM Java SDK for July 2017 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2017-9798 7.5 Not affected Information Disclosure 9.0, 8.5, 8.0, 7.0
CVE-2017-7679 5.3 Not affected Information Disclosure 9.0, 8.5, 8.0, 7.0
CVE-2017-7668 5.3 Not affected Denial of Service 9.0, 8.5, 8.0, 7.0
CVE-2017-5638 7.3 Not affected bulletin Not affected bulletin
CVE-2017-3736 5.9 Not affected Vulnerability in GSKit Component 9.0, 8.5, 8.0, 7.0
CVE-2017-3732 5.3 Not affected Vulnerability in GSKit Component 9.0, 8.5, 8.0, 7.0
CVE-2017-3511 7.7 IBM Java SDK for April 2017 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2017-3167 5.3 Not affected Bypass security 9.0, 8.5, 8.0, 7.0
CVE-2017-1788 5.3 Spoofing Not affected 9.0, Liberty
CVE-2017-1743 4.3 Information Disclosure Not affected 9.0, 8.5, 8.0, 7.0
CVE-2017-1741 4.3 Information Disclosure Not affected 9.0, 8.5, 8.0, 7.0
CVE-2017-1731 8.8 Privilege escalation Not affected 9.0, 8.5, 8.0, 7.0
CVE-2017-1681 4.0 Information Disclosure Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2017-1583 5.3 Information Disclosure Not affected 8.5, 8.0, Liberty
CVE-2017-1504 5.3 Weaker security Not affected 9.0
CVE-2017-1503 6.1 HTTP response splitting Not affected 9.0, 8.5, 8.0, 7.0
CVE-2017-1501 5.9 Weaker security Not affected 9.0, 8.5, 8.0
CVE-2017-1382 5.1 Insecure file permissions Not affected 9.0, 8.5, 8.0, 7.0
CVE-2017-1381 2.9 Information disclosure Not affected 9.0, 8.5, 8.0, 7.0
CVE-2017-1380 5.4 Cross-site scripting Not affected 9.0, 8.5, 8.0, 7.0
CVE-2017-1194 4.3 Cross-site request forgery Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2017-1151 8.1 Privilege escalation Not affected 9.0, 8.5, 8.0
CVE-2017-1137 5.9 Weaker security Not affected 8.5, 8.0
CVE-2017-1121 5.4 Cross-site scripting vulnerability Not affected 9.0, 8.5, 8.0, 7.0

2016 CVEs

Name | CVE | CVSS Score | WebSphere Application Server Bulletin or Assessment | IBM HTTP Server Bulletin or Assessment | Versions Affected
CVE-2016-1000031 9.8 Execute Code Not affected 9.0, 8.5, 8.0, Liberty
CVE-2016-9736 3.7 Information Disclosure Not affected 9.0, 8.5, 8.0
CVE-2016-8934 5.4 Cross-site scripting vulnerability Not affected 9.0, 8.5, 8.0, 7.0
CVE-2016-8919 5.9 Denial of service Not affected 9.0, 8.5, 8.0, 7.0
CVE-2016-8743 6.1 Not affected Response splitting attack 9.0, 8.5, 8.0, 7.0
CVE-2016-7056 4.0 Not affected Vulnerability in GSKit Component 9.0, 8.5, 8.0, 7.0
CVE-2016-5986 3.7 Information Disclosure Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2016-5983 7.5 Gain Privileges Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2016-5597 5.9 IBM Java SDK for October 2016 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2016-5573 8.3 IBM Java SDK for October 2016 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2016-5549 6.5 IBM Java SDK for January 2017 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2016-5548 6.5 IBM Java SDK for January 2017 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2016-5547 5.3 IBM Java SDK for January 2017 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2016-5546 7.5 IBM Java SDK for January 2017 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
HTTPOXY CVE-2016-5387 8.1 Not affected Redirect HTTP traffic 9.0, 8.5, 8.0, 7.0
CVE-2016-4975 6.1 Not affected Superseded by CVE-2016-8743 9.0, 8.5, 8.0, 7.0
CVE-2016-4472 5.3 Not affected Denial of Service with Expat 9.0, 8.5, 8.0, 7.0
CVE-2016-3485 2.9 IBM Java SDK for July 2016 CPU Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2016-3427 10 IBM Java SDK for April 2016 CPU Not affected 8.5, 8.0, 7.0, Liberty
CVE-2016-3426 4.3 IBM Java SDK for April 2016 CPU Not affected 8.5, 8.0, 7.0, Liberty
CVE-2016-3092 5.3 Apache Commons FileUpload Vulnerability Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2016-3042 5.4 Cross-site scripting vulnerability Not affected Liberty
CVE-2016-3040 6.3 Open Redirect Vulnerability Not affected Liberty
CVE-2016-2960 3.7 Denial of Service with SIP Services Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2016-2945 5.0 Weaker security in Liberty API discovery feature Not affected Liberty
CVE-2016-2923 5.3 Information Disclosure vulnerability Not affected Liberty
SWEET32 CVE-2016-2183 3.7 IBM Java SDK for January 2017 CPU IBM HTTP Server and Sweet32 (21 Dec 2017) 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2016-1182 4.8 Bypass Security Restrictions; Bypass Security Restrictions UDDI (21 June 2018) Not affected 9.0, 8.5, 8.0, 7.0
CVE-2016-1181 8.1 Execute Code; Execute Code UDDI (21 June 2018) Not affected 9.0, 8.5, 8.0, 7.0
DROWN CVE-2016-0800 Not affected bulletin Not affected bulletin
CVE-2016-0718 9.8 Not affected Denial of Service with Expat (13 Sept 2016) 9.0, 8.5, 8.0, 7.0
CVE-2016-0702 2.9 Not affected Vulnerability in GSKit Component 9.0, 8.5, 8.0
CVE-2016-0488 4.0 IBM Java SDK for January 2016 CPU Not affected 8.5, 8.0, 7.0, Liberty
CVE-2016-0475 5.8 IBM Java SDK for January 2016 CPU Not affected 8.5, 8.0, 7.0, Liberty
CVE-2016-0466 5.0 IBM Java SDK for January 2016 CPU Not affected 8.5, 8.0, 7.0, Liberty
CVE-2016-0389 5.3 Information Disclosure Vulnerability Not affected Liberty
CVE-2016-0385 3.1 Bypass security restrictions Not affected 9.0, 8.5, 8.0, 7.0, Liberty
CVE-2016-0378 3.7 Information Disclosure Vulnerability Not affected Liberty
CVE-2016-0377 4.3 Information Disclosure vulnerability Not affected 8.5, 8.0, 7.0
CVE-2016-0360 8.1 Deserialize objects with MQ Resource adapter 14.03.2017 Not affected 9.0, 8.5, 8.0, 7.0
CVE-2016-0359 6.1 HTTP Response Splitting Not affected 8.5, 8.0, 7.0, Liberty
CVE-2016-0306 3.7 Security vulnerability if FIPS 140-2 is enabled Not affected 8.5, 8.0, 7.0, Liberty
CVE-2016-0283 6.1 Cross-site scripting vulnerability Not affected Liberty
CVE-2016-0201 5.9 Not affected Vulnerability in GSKit component 8.5, 8.0, 7.0

2015 CVEs

Name | CVE | CVSS Score | WebSphere Application Server Bulletin or Assessment | IBM HTTP Server Bulletin or Assessment | Versions Affected
SLOTH CVE-2015-7575 7.1 IBM Java SDK for January 2016 CPU Not affected 8.5, 8.0, 7.0, Liberty
CVE-2015-7450 9.8 Vulnerability in Apache Commons affects IBM WebSphere Application Server (21 Dec 2017) Not affected 8.5, 8.0, 7.0, Liberty
CVE-2015-7420 3.7 Not affected Vulnerability in GSKit component 8.5, 8.0, 7.0
CVE-2015-7417 5.4 Cross-site scripting with OAuth Not affected 8.5, 8.0, 7.0, Liberty
CVE-2015-5006 4.6 IBM Java SDK for October 2015 CPU Not affected 8.5, 8.0, 7.0, 6.1, Liberty
CVE-2015-4947 7.5 Not affected Stack buffer overflow 8.5, 8.0, 7.0, 6.1
CVE-2015-4938 3.5 Spoof servlet vulnerabilities 8.5, 8.0, 7.0, Liberty
CVE-2015-4872 5.0 IBM Java SDK for October 2015 CPU Not affected 8.5, 8.0, 7.0, 6.1, Liberty
CVE-2015-4749 4.3 IBM Java SDK for July 2015 CPU Not affected 8.5, 8.0, 7.0, 6.1, Liberty
CVE-2015-4734 5.0 IBM Java SDK for October 2015 CPU Not affected 8.5, 8.0, 7.0, 6.1, Liberty
Log Jam CVE-2015-4000 4.3 Logjam with Diffie-Hellman ciphers Not affected 8.5, 8.0, 7.0, 6.1, Liberty
CVE-2015-3183 6.1 Not affected HTTP Request smuggling 8.5, 8.0, 7.0, 6.1
Bar Mitzvah CVE-2015-2808 5.0 Vulnerability in RC4 stream cipher affects WebSphere Application Server Vulnerability in RC4 stream cipher affects IBM HTTP Server and Caching Proxy 8.5, 8.0, 7.0, 6.1, Liberty
CVE-2015-2625 2.6 IBM Java SDK for July 2015 CPU Not affected 8.5, 8.0, 7.0, 6.1, Liberty
CVE-2015-2613 5.0 IBM Java SDK for July 2015 CPU Not affected 8.5, 8.0, 7.0, 6.1, Liberty
CVE-2015-2601 5.0 IBM Java SDK for July 2015 CPU Not affected 8.5, 8.0, 7.0, 6.1, Liberty
CVE-2015-2017 5.0 HTTP response splitting attack Not affected 8.5, 8.0, 7.0, 6.1
CVE-2015-1946 4.1 Gain elevated privileges Not affected 8.5, 8.0, 7.0
CVE-2015-1936 4 Hijack users session vulnerability Not affected 8.5, 8.0
CVE-2015-1932 5 Information Disclosure vulnerability Not affected 8.5, 8.0, 7.0
CVE-2015-1931 2.1 IBM Java SDK for July 2015 CPU Not affected 8.5, 8.0, 7.0, 6.1, Liberty
CVE-2015-1927 6.8 Gain elevated privileges vulnerability Not affected 8.5, 8.0, 7.0, Liberty
CVE-2015-1920 9.3 Security vulnerability with management port in WebSphere Application Server Not affected 8.5, 8.0, 7.0, 6.1
CVE-2015-1916 5.0 IBM Java SDK for April 2015 CPU Not affected 8.5, 8.0, 7.0, 6.1, Liberty
CVE-2015-1885 9.3 Gain elevated privileges with OAuth grant password Not affected 8.5, 8.0, 7.0, Liberty
CVE-2015-1882 8.5 Gain elevated privileges with EJB Not affected Liberty
CVE-2015-1829 5.0 Not affected Denial of Service on Windows with IBM HTTP Server 8.5, 8.0, 7.0, 6.1
CVE-2015-1788 5.0 Not affected Denial of Service in GSKIT with IBM HTTP Server 8.5, 8.0
CVE-2015-1283 6.8 Not affected Denial of Service with IBM HTTP Server 8.5, 8.0, 7.0, 6.1
CVE-2015-0899 4.3 Bypass security Not affected 9.0, 8.5, 8.0, 7.0
CVE-2015-0488 5.0 IBM Java SDK for April 2015 CPU Not affected 8.5, 8.0, 7.0, 6.1, Liberty
CVE-2015-0478 4.3 IBM Java SDK for April 2015 CPU Not affected 8.5, 8.0, 7.0, 6.1, Liberty
CVE-2015-0410 5.0 IBM Java SDK for January 2015 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2015-0400 5.0 IBM Java SDK for January 2015 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2015-0254 7.5 Security vulnerability in Apache Standard Taglibs Not affected 8.5, 8.0, 7.0, 6.1, Liberty
CVE-2015-0250 4.3 Security vulnerability in Apache Batik Not affected 8.5, 8.0, 7.0, 6.1
Ghost CVE-2015-0235 Not affected Not affected
CVE-2015-0226 5.0 Security vulnerability in Apache WSS4J Not affected 8.5
CVE-2015-0204 4.3 IBM Java SDK for April 2015 CPU Not affected 8.5, 8.0, 7.0, 6.1, Liberty
CVE-2015-0174 3.5 Information disclosure with SNMP Not affected 8.5
CVE-2015-0175 4.0 Gain elevated privileges with authData elements Not affected Liberty
FREAK CVE-2015-0138 4.3 Vulnerability with RSA export Keys affects WebSphere Application Server Vulnerability with RSA export keys affects IBM HTTP Server 8.5, 8.0, 7.0, 6.1, Liberty

2014 CVEs

Name | CVE | CVSS Score | WebSphere Application Server Bulletin or Assessment | IBM HTTP Server Bulletin or Assessment | Versions Affected
CVE-2014-8917 4.3 Cross-site Scripting in Dojo Toolkit Not affected 8.5, 8.0
CVE-2014-8890 5.1 Elevated Privileges in Liberty Not affected Liberty
TLS Padding CVE-2014-8730 4.3 Not affected bulletin TLS Padding in IBM HTTP Server 8.5, 8.0, 7.0, 6.1
CVE-2014-7810 5.0 Bypass security Bypass security 9.0, 8.5, 8.0, 7.0, Liberty
Shell shock CVE-2014-7189, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271 Bash Vulnerabilities (Not affected but applications could be) Bash Vulnerabilities (Not affected but applications could be) Customer application might be vulnerable
CVE-2014-6593 4.0 IBM Java SDK for January 2015 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2014-6558 2.6 IBM Java SDK for October 2014 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2014-6512 4.3 IBM Java SDK for October 2014 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2014-6457 4.0 IBM Java SDK for October 2014 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2014-6174 4.3 Click jacking vulnerability Not affected 8.5, 8.0, 7.0
CVE-2014-6167 Cross-site scripting Not affected 8.5, 8.0, 7.0, Liberty
CVE-2014-6166 5.0 Obtain sensitive information Not affected 8.5, 8.0
CVE-2014-6164 4.3 Spoofing vulnerability Not affected 8.5
CVE-2014-4816 3.5 Not affected Cross-site scripting vulnerability 8.5, 8.0, 7.0, 6.1, 6.0
CVE-2014-4770 3.5 Not affected Cross-site request forgery 8.5, 8.0, 7.0, 6.1, 6.0
CVE-2014-4767 4.3 Weaker than expected security Not affected Liberty
CVE-2014-4764 7.1 Denial of service Not affected 8.5, 8.0
CVE-2014-4263 4.0 IBM Java SDK for July 2014 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2014-4244 4.0 IBM Java SDK for July 2014 CPU Not affected 8.5, 8.0, 7.0, 6.1
POODLE CVE-2014-3566 4.3 IBM Java SDK for October 2014 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2014-3083 5.0 Obtain sensitive information Not affected 8.5, 8.0, 7.0, Liberty
CVE-2014-3070 5.0 Obtain sensitive information Not affected 8.5, 8.0
CVE-2014-3068 2.4 IBM Java SDK for July 2014 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2014-3022 5.0 Bypass security Not affected 8.5, 8.0
CVE-2014-3021 5.0 Obtain sensitive information Not affected 8.5, 8.0, 7.0
CVE-2014-0965 4.3 Obtain sensitive information Not affected 8.5, 8.0, 7.0
CVE-2014-0964 7.1 Denial of service Not affected 6.1
CVE-2014-0963 7.1 Not affected CPU exhaustion 8.5, 8.0, 7.0, 6.1, 6.0
CVE-2014-0896 4.3 Obtain sensitive information Not affected Liberty
CVE-2014-0891 5.0 Obtain sensitive information Not affected 8.5, 8.0, 7.0
CVE-2014-0878 5.8 IBM Java SDK for April 2014 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2014-0859 5.0 Denial of service Not affected 8.5, 8.0, 7.0, Liberty
CVE-2014-0857 4.0 Obtain Information Not affected 8.5, 8.0
CVE-2014-0823 4.3 View Files Not affected 8.5, 8.0, Liberty
CVE-2014-0460 5.8 IBM Java SDK for April 2014 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2014-0453 4.0 IBM Java SDK for April 2014 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2014-0411 4.0 IBM Java SDK for January 2014 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2014-0231 5.0 Not affected Denial of Service 8.5, 8.0, 7.0, 6.1, 6.0
CVE-2014-0226 7.5 Not affected Heap buffer overflow 8.5, 8.0, 7.0, 6.1, 6.0
Heartbleed CVE-2014-0160 Not affected Bulletin Not affected Bulletin
CVE-2014-0118 5.0 Not affected Denial of Service 8.5, 8.0, 7.0, 6.1, 6.0
CVE-2014-0114 7.5 Execute code; Execute code UDDI (21 June 2018) Not affected 7.0, 6.1; 9.0, 8.5, 8.0, 7.0
CVE-2014-0098 5.0 Not affected Denial of service 8.5, 8.0, 7.0, 6.1
CVE-2014-0076 2.1 Not affected Information Disclosure 8.5, 8.0
CVE-2014-0050 5.0 Denial of service Not affected 8.5, 8.0, 7.0, 6.1

2013 CVEs

Name | CVE | CVSS Score | WebSphere Application Server Bulletin or Assessment | IBM HTTP Server Bulletin or Assessment | Versions Affected
CVE-2013-6747 7.1 Not affected Denial of Service 8.5, 8.0, 7.0
CVE-2013-6738 4.3 Cross-site scripting Not affected 8.5, 8.0, 7.0, Liberty
CVE-2013-6725 3.5 Cross-site scripting Not affected 8.5, 8.0, 7.0
CVE-2013-6440 4.3 XML External Entity Not affected Liberty
CVE-2013-6438 4.3 Not affected Buffer overflow 8.5, 8.0, 7.0
CVE-2013-6330 2.1 Obtain sensitive information Not affected 7.0
CVE-2013-6329 7.8 Not affected Denial of Service 8.5, 8.0, 7.0, 6.1
CVE-2013-6325 4.3 Denial of Service Not affected 8.5, 8.0, 7.0
CVE-2013-6323 3.5 Cross-site scripting Not affected 8.5, 8.0, 7.0
CVE-2013-5802 2.6 IBM Java SDK for Oct 2013 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-5780 4.3 IBM Java SDK for Oct 2013 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-5704 5 Not affected Bypass security 8.5, 8.0, 7.0, 6.1
CVE-2013-5425 3.5 Cross-site scripting Not affected 8.5
CVE-2013-5418 3.5 Cross-site scripting Not affected 8.5, 8.0, 7.0
CVE-2013-5417 4.3 Cross-site scripting Not affected 8.5, 8.0, 7.0 Liberty
CVE-2013-5414 3.5 Privilege escalation Not affected 8.5, 8.0, 7.0
CVE-2013-5372 4.3 IBM Java SDK for Oct 2013 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-4053 6.8 Privilege escalation Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-4052 4.3 Cross-site scripting Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-4039 4 Obtain sensitive information Not affected 8.5
CVE-2013-4006 3.5 Obtain sensitive information Not affected Liberty
CVE-2013-4005 3.5 Cross-site scripting Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-4004 3.5 Cross-site scripting Not affected 8.5, 8.0
CVE-2013-3029 4.3 Cross-site scripting Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-3024 6.9 Execute code Not affected 8.5
CVE-2013-2976 1.9 Obtain sensitive information Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-2967 4.3 Cross-site scripting Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-1896 4.3 Not affected Denial of Service 8.5, 8.0, 7.0, 6.1
CVE-2013-1862 5.1 Not affected Command execution 8.5, 8.0, 7.0, 6.1
CVE-2013-1768 10 Deserialization Not affected 8.5, 8.0, 7.0, 6.1, Liberty
CVE-2013-1571 4.3 Clickjacking Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-0599 5 Obtain sensitive information Not affected 8.5
CVE-2013-0597 3.5 Cross-site scripting Not affected 8.5, 8.0, 7.0, Liberty
CVE-2013-0596 4.3 Cross-site scripting Not affected 6.1
CVE-2013-0565 4.3 Cross-site scripting Not affected 8.5
CVE-2013-0544 3.5 File directory traversal Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-0543 6.8 Bypass security Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-0542 4.3 Cross-site scripting Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-0541 1.9 Buffer overflow Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-0540 4.9 Bypass security Not affected Liberty
CVE-2013-0482 2.6 Spoofing Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-0467 4 Obtain sensitive information Not affected 8.5
CVE-2013-0464 4.3 Execute code Not affected 8.5, 8.0,
CVE-2013-0462 6.5 Bypass security Not affected 8.5, 8.0, 7.0, 6.1, Liberty
CVE-2013-0461 1.2 Cross-site scripting Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-0460 4.3 Cross-site scripting Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-0459 4.3 Cross-site scripting Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-0458 4.3 Cross-site scripting Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-0443 4 IBM Java SDK for Feb 2013 CPU Not affected 8.5, 8.0, 7.0, 6.1
CVE-2013-0440 5 IBM Java SDK for Feb 2013 CPU Not affected 8.5, 8.0, 7.0, 6.1
Lucky Thirteen CVE-2013-0169 4.3 IBM Java SDK for Feb 2013 CPU Side Channel Attack 8.5, 8.0, 7.0, 6.1

2012 CVEs

Name | CVE | CVSS Score | WebSphere Application Server Bulletin or Assessment | IBM HTTP Server Bulletin or Assessment | Versions Affected
CVE-2012-5783 4.3 Spoofing attacks Not affected 9.0, 8.5, 8.0, 7.0
CVE-2012-4853 4.3 Cross-site request Forgery Not affected 8.5, 8.0, 7.0, 6.1
CVE-2012-4851 4.3 Cross-site scripting Not affected Liberty
CVE-2012-4850 7.5 Privilege escalation Not affected Liberty
CVE-2012-3330 5 Denial of Service Not affected 8.5, 8.0, 7.0
CVE-2012-3325 6 Bypass security Not affected 8.5, 8.0, 7.0, 6.1
CVE-2012-3311 3 Bypass security Not affected 8.5, 8.0, 7.0
CVE-2012-3306 4.3 Weaker security Not affected 8.5, 8.0, 7.0
CVE-2012-3305 5.8 File directory traversal Not affected 8.5, 8.0, 7.0, 6.1
CVE-2012-3304 6.8 Hijack session Not affected 8.5, 8.0, 7.0, 6.1
CVE-2012-3293 4.3 Cross-site scripting Not affected 8.5, 8.0, 7.0, 6.1
CVE-2012-2191 5 Not affected Denial of Service 8.5, 8.0, 7.0, 6.1
CVE-2012-2190 5 Not affected Denial of Service 8.5, 8.0, 7.0, 6.1
CVE-2012-2170 4.3 Obtain sensitive information Not affected 8.0, 7.0, 6.1
CVE-2012-2159 4.3 Cross-site scripting Not affected 8.5, 8.0
CVE-2012-2098 5 Denial of Service Not affected 8.5, 8.0, 7.0, 6.1
CVE-2012-1148 5 Not affected Denial of Service 9.0, 8.5, 8.0, 7.0
CVE-2012-1007 4.3 Cross-site scripting Not affected 9.0, 8.5, 8.0, 7.0
CVE-2012-0876 5 Not affected Denial of Service 9.0, 8.5, 8.0, 7.0
CVE-2012-0720 4.3 Cross-site scripting Not affected 8.0, 7.0, 6.1
CVE-2012-0717 2.6 Bypass security Not affected 7.0, 6.1
CVE-2012-0716 4.3 Cross-site scripting Not affected 8.0, 7.0, 6.1
CVE-2012-0193 5 Denial of Service Not affected 8.0, 7.0, 6.1

2011 CVEs

Name | CVE | CVSS Score | WebSphere Application Server Bulletin or Assessment | IBM HTTP Server Bulletin or Assessment | Versions Affected
CVE-2011-4889 5 Weaker security Not affected 8.0, 7.0, 6.1
CVE-2011-4343 5 Obtain sensitive information Not affected 8.5, 8.0, Liberty
CVE-2011-1377 2.1 Weaker security Not affected 8.0, 7.0, 6.1
CVE-2011-1376 4.4 Insecure permissions Not affected 8.0, 7.0, 6.1

For security vulnerabilities in guest operating systems of IBM WebSphere Application Server Hypervisor Edition, refer to this bulletin: IBM WebSphere Hypervisor Edition Vulnerabilities in Operating System.


Document Information

Modified date: 14 October 2019

UID: swg21984533