Authentication flaw

2009-08-1318:30:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.4%

JSON

The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a “secure URL,” related to a certain invokefilterscompatibility property.

CPENameOperatorVersion
websphere_application_servereq6.1.0.21
websphere_application_servereq6.1
websphere_application_servereq6.1.0.22
websphere_application_servereq6.1.0.19
websphere_application_servereq6.1.0.2
websphere_application_servereq6.1.0.4
websphere_application_servereq7.0.0.4
websphere_application_servereq6.1.0.11
websphere_application_servereq7.0
websphere_application_servereq6.1.0.14

Name	Operator	Version
websphere_application_server	eq	6.1.0.21
websphere_application_server	eq	6.1
websphere_application_server	eq	6.1.0.22
websphere_application_server	eq	6.1.0.19
websphere_application_server	eq	6.1.0.2
websphere_application_server	eq	6.1.0.4
websphere_application_server	eq	7.0.0.4
websphere_application_server	eq	6.1.0.11
websphere_application_server	eq	7.0
websphere_application_server	eq	6.1.0.14