Lucene search

[email protected]CVE-2009-1172

HistoryMar 31, 2009 - 2:09 p.m.

CVE-2009-1172

2009-03-3114:09:00

CWE-20

[email protected]

web.nvd.nist.gov

ibm

websphere application server

jax-rpc

ws-security

vulnerability

cve-2009-1172

nvd

6.6 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.2%

JSON

The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq6.1.0.21
ibm:websphere_application_serveribm websphere application servereq6.1
ibm:websphere_application_serveribm websphere application servereq6.1.0.22
ibm:websphere_application_serveribm websphere application servereq6.1.0.19
ibm:websphere_application_serveribm websphere application servereq6.1.0.2
ibm:websphere_application_serveribm websphere application servereq6.1.0.4
ibm:websphere_application_serveribm websphere application servereq6.1.0.11
ibm:websphere_application_serveribm websphere application servereq7.0
ibm:websphere_application_serveribm websphere application servereq6.1.0.14
ibm:websphere_application_serveribm websphere application servereq6.1.0.20

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.21
ibm:websphere_application_server	ibm websphere application server	eq	6.1
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.22
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.19
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.2
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.4
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.11
ibm:websphere_application_server	ibm websphere application server	eq	7.0
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.14
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.20

Rows per page:

1-10 of 271

References

secunia.com/advisories/34131

secunia.com/advisories/34461

www-01.ibm.com/support/docview.wss?uid=swg1PK75992

www-01.ibm.com/support/docview.wss?uid=swg21367223

www-01.ibm.com/support/docview.wss?uid=swg27007951

www-01.ibm.com/support/docview.wss?uid=swg27014463

www.securityfocus.com/bid/34502

6.6 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.2%

JSON

Related for CVE-2009-1172

prion1 cvelist1 nessus2