Lucene search

[email protected]CVE-2010-0774

HistoryMay 17, 2010 - 10:30 p.m.

CVE-2010-0774

2010-05-1722:30:01

CWE-264

[email protected]

web.nvd.nist.gov

cve-2010-0774

ibm websphere

security vulnerability

jax-rpc

jax-ws

remote attack

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.8%

JSON

The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Affected configurations

NVD

Node

ibmwebsphere_application_serverMatch6.0

ibmwebsphere_application_serverMatch6.0.0.1

ibmwebsphere_application_serverMatch6.0.0.2

ibmwebsphere_application_serverMatch6.0.0.3

ibmwebsphere_application_serverMatch6.0.1

ibmwebsphere_application_serverMatch6.0.1.1

ibmwebsphere_application_serverMatch6.0.1.2

ibmwebsphere_application_serverMatch6.0.1.3

ibmwebsphere_application_serverMatch6.0.1.5

ibmwebsphere_application_serverMatch6.0.1.7

ibmwebsphere_application_serverMatch6.0.1.9

ibmwebsphere_application_serverMatch6.0.1.11

ibmwebsphere_application_serverMatch6.0.1.13

ibmwebsphere_application_serverMatch6.0.1.15

ibmwebsphere_application_serverMatch6.0.1.17

ibmwebsphere_application_serverMatch6.0.2

ibmwebsphere_application_serverMatch6.0.2.1

ibmwebsphere_application_serverMatch6.0.2.2

ibmwebsphere_application_serverMatch6.0.2.3

ibmwebsphere_application_serverMatch6.0.2.4

ibmwebsphere_application_serverMatch6.0.2.5

ibmwebsphere_application_serverMatch6.0.2.6

ibmwebsphere_application_serverMatch6.0.2.7

ibmwebsphere_application_serverMatch6.0.2.8

ibmwebsphere_application_serverMatch6.0.2.9

ibmwebsphere_application_serverMatch6.0.2.10

ibmwebsphere_application_serverMatch6.0.2.11

ibmwebsphere_application_serverMatch6.0.2.12

ibmwebsphere_application_serverMatch6.0.2.13

ibmwebsphere_application_serverMatch6.0.2.14

ibmwebsphere_application_serverMatch6.0.2.15

ibmwebsphere_application_serverMatch6.0.2.16

ibmwebsphere_application_serverMatch6.0.2.17

ibmwebsphere_application_serverMatch6.0.2.18

ibmwebsphere_application_serverMatch6.0.2.19

ibmwebsphere_application_serverMatch6.0.2.20

ibmwebsphere_application_serverMatch6.0.2.21

ibmwebsphere_application_serverMatch6.0.2.22

ibmwebsphere_application_serverMatch6.0.2.23

ibmwebsphere_application_serverMatch6.0.2.24

ibmwebsphere_application_serverMatch6.0.2.25

ibmwebsphere_application_serverMatch6.0.2.27

ibmwebsphere_application_serverMatch6.0.2.28

ibmwebsphere_application_serverMatch6.0.2.29

ibmwebsphere_application_serverMatch6.0.2.30

ibmwebsphere_application_serverMatch6.0.2.31

ibmwebsphere_application_serverMatch6.0.2.32

ibmwebsphere_application_serverMatch6.0.2.33

ibmwebsphere_application_serverMatch6.0.2.35

ibmwebsphere_application_serverMatch6.0.2.37

ibmwebsphere_application_serverMatch6.0.2.39

Node

ibmwebsphere_application_serverMatch6.1

ibmwebsphere_application_serverMatch6.1.0

ibmwebsphere_application_serverMatch6.1.0.0

ibmwebsphere_application_serverMatch6.1.0.1

ibmwebsphere_application_serverMatch6.1.0.2

ibmwebsphere_application_serverMatch6.1.0.3

ibmwebsphere_application_serverMatch6.1.0.5

ibmwebsphere_application_serverMatch6.1.0.7

ibmwebsphere_application_serverMatch6.1.0.9

ibmwebsphere_application_serverMatch6.1.0.11

ibmwebsphere_application_serverMatch6.1.0.13

ibmwebsphere_application_serverMatch6.1.0.15

ibmwebsphere_application_serverMatch6.1.0.17

ibmwebsphere_application_serverMatch6.1.0.19

ibmwebsphere_application_serverMatch6.1.0.21

ibmwebsphere_application_serverMatch6.1.0.23

ibmwebsphere_application_serverMatch6.1.0.25

ibmwebsphere_application_serverMatch6.1.0.27

ibmwebsphere_application_serverMatch6.1.0.29

Node

ibmwebsphere_application_serverMatch7.0

ibmwebsphere_application_serverMatch7.0.0.1

ibmwebsphere_application_serverMatch7.0.0.3

ibmwebsphere_application_serverMatch7.0.0.5

ibmwebsphere_application_serverMatch7.0.0.7

ibmwebsphere_application_serverMatch7.0.0.9

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq6.0
ibm:websphere_application_serveribm websphere application servereq6.0.0.1
ibm:websphere_application_serveribm websphere application servereq6.0.0.2
ibm:websphere_application_serveribm websphere application servereq6.0.0.3
ibm:websphere_application_serveribm websphere application servereq6.0.1
ibm:websphere_application_serveribm websphere application servereq6.0.1.1
ibm:websphere_application_serveribm websphere application servereq6.0.1.2
ibm:websphere_application_serveribm websphere application servereq6.0.1.3
ibm:websphere_application_serveribm websphere application servereq6.0.1.5
ibm:websphere_application_serveribm websphere application servereq6.0.1.7

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	6.0
ibm:websphere_application_server	ibm websphere application server	eq	6.0.0.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.0.2
ibm:websphere_application_server	ibm websphere application server	eq	6.0.0.3
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.2
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.3
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.5
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.7