2 matches found
CVE-2009-2088
The Servlet Engine/Web Container component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on SSO and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL,"...
CVE-2009-2088
IBM WebSphere Application Server (WAS) 6.1 prior to 6.1.0.25 and 7.0 prior to 7.0.0.5 are affected. When SPNEGO Single Sign-On (SSO) and disableSecurityPreInvokeOnFilters are configured, authentication can be bypassed by requesting a "secure URL" due to the invokefilterscompatibility property. Th...