Design/Logic Flaw

2009-06-2501:30:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.3%

JSON

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application.

CPENameOperatorVersion
websphere_application_servereq6.1.0.21
websphere_application_servereq6.1
websphere_application_servereq6.1.0.22
websphere_application_servereq6.1.0.19
websphere_application_servereq6.1.0.2
websphere_application_servereq6.1.0.4
websphere_application_servereq6.1.0.11
websphere_application_servereq7.0
websphere_application_servereq6.1.0.14
websphere_application_servereq6.1.0.20

Name	Operator	Version
websphere_application_server	eq	6.1.0.21
websphere_application_server	eq	6.1
websphere_application_server	eq	6.1.0.22
websphere_application_server	eq	6.1.0.19
websphere_application_server	eq	6.1.0.2
websphere_application_server	eq	6.1.0.4
websphere_application_server	eq	6.1.0.11
websphere_application_server	eq	7.0
websphere_application_server	eq	6.1.0.14
websphere_application_server	eq	6.1.0.20