Lucene search

[email protected]CVE-2009-0904

HistoryJul 05, 2009 - 4:30 p.m.

CVE-2009-0904

2009-07-0516:30:00

CWE-264

[email protected]

web.nvd.nist.gov

ibm

stax xmlstreamwriter

websphere application server

cve-2009-0904

nvd

xml encoding

soap requests

security vulnerability

6.8 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

70.3%

JSON

The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via “XML fuzzing attacks” sent through SOAP requests.

Affected configurations

NVD

Node

ibmwebsphere_application_serverMatch6.1

ibmwebsphere_application_serverMatch6.1.0

ibmwebsphere_application_serverMatch6.1.0.1

ibmwebsphere_application_serverMatch6.1.0.2

ibmwebsphere_application_serverMatch6.1.0.3

ibmwebsphere_application_serverMatch6.1.0.4

ibmwebsphere_application_serverMatch6.1.0.5

ibmwebsphere_application_serverMatch6.1.0.6

ibmwebsphere_application_serverMatch6.1.0.7

ibmwebsphere_application_serverMatch6.1.0.8

ibmwebsphere_application_serverMatch6.1.0.9

ibmwebsphere_application_serverMatch6.1.0.10

ibmwebsphere_application_serverMatch6.1.0.11

ibmwebsphere_application_serverMatch6.1.0.12

ibmwebsphere_application_serverMatch6.1.0.13

ibmwebsphere_application_serverMatch6.1.0.14

ibmwebsphere_application_serverMatch6.1.0.15

ibmwebsphere_application_serverMatch6.1.0.16

ibmwebsphere_application_serverMatch6.1.0.17

ibmwebsphere_application_serverMatch6.1.0.18

ibmwebsphere_application_serverMatch6.1.0.19

ibmwebsphere_application_serverMatch6.1.0.20

ibmwebsphere_application_serverMatch6.1.0.21

ibmwebsphere_application_serverMatch6.1.0.22

ibmwebsphere_application_serverMatch6.1.0.23

ibmwebsphere_application_serverMatch6.1.1

ibmwebsphere_application_serverMatch6.1.13

ibmwebsphere_application_serverMatch6.1.14

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq6.1
ibm:websphere_application_serveribm websphere application servereq6.1.0
ibm:websphere_application_serveribm websphere application servereq6.1.0.1
ibm:websphere_application_serveribm websphere application servereq6.1.0.2
ibm:websphere_application_serveribm websphere application servereq6.1.0.3
ibm:websphere_application_serveribm websphere application servereq6.1.0.4
ibm:websphere_application_serveribm websphere application servereq6.1.0.5
ibm:websphere_application_serveribm websphere application servereq6.1.0.6
ibm:websphere_application_serveribm websphere application servereq6.1.0.7
ibm:websphere_application_serveribm websphere application servereq6.1.0.8

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	6.1
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.1
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.2
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.3
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.4
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.5
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.6
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.7
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.8