IBM WebSphere Application Server < 6.0.2.33 Multiple Vulnerabilities

IBM WebSphere Application Server 6.0.2 before Fix Pack 33 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - Provided an attacker has valid credentials, it may be possible to hijack an authenticated session. PK66676 - The PerfServlet code...

Code injection

The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors...

CVE-2009-1172

The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors...