WS-Attacker v1.8 - Modular Framework For Web Services Penetration Testing

WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum http://nds.rub.de/ and the Hackmanit GmbH http://hackmanit.de/ . The basic idea behind WS-Attacker is to provide a functionality to load WSDL...

Web Services Penetration Testing: WS-Attacker

WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum http://nds.rub.de/ and the Hackmanit GmbH http://hackmanit.de/ . The basic idea behind WS-Attacker is to provide a functionality to load WSDL...

WS-Attacker - Modular Framework for Web Services Penetration Testing

XML-based SOAP Web Services are a widely used technology, which allows the users to execute remote operations and transport arbitrary data. It is currently adapted in Service Oriented Architectures, cloud interfaces, management of federated identities, eGovernment, or millitary services. The wide...

Authentication flaw

IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via...

CVE-2012-5952

CVE-2012-5952 affects IBM WebSphere Message Broker: 6.1 prior to 6.1.0.12, 7.0 prior to 7.0.0.6, and 8.0 prior to 8.0.0.2. The issue is that basic authentication credentials are not validated before proceeding to WS-Addressing and WS-Security operations, which can allow remote attackers to trigge...

CVE-2009-0903

IBM WebSphere Application Server WAS 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remot...