EUVD-2010-0800

Malware in sbrugna...

IBM WebSphere应用服务器PKIPath和PKCS#7令牌绕过安全检查漏洞

CVE ID: CVE-2010-0774 IBM Websphere应用服务器以Java和Servlet引擎为基础，支持多种HTTP服务，可帮助用户完成从开发、发布到维护交互式的动态网站的所有工作。 WebSphere应用服务器的JAX-RPC WS-Security 1.0和JAX-WS运行时实现没有正确地处理PKCS7和PKIPath令牌，远程攻击者可以通过向服务器提交恶意请求绕过预期的访问限制执行非授权操作。 IBM Websphere Application Server 7.0 IBM Websphere Application Server 6.1 IBM Webspher...

Design/Logic Flaw

The 1 JAX-RPC WS-Security 1.0 and 2 JAX-WS runtime implementations in IBM WebSphere Application Server WAS 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS7 and PKIPath tokens, which allows remote attackers to bypass intended access...

IBM WebSphere Application Server 6.0 < 6.0.2.41 Multiple Vulnerabilities

IBM WebSphere Application Server 6.0 before Fix Pack 41 for 6.0.2 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - An unspecified cross-site scripting vulnerability in the Administration Console. PK97376 - An error when defining a wsadmi...