IBM WebSphere Partner Gateway RNIF文档绕过安全限制漏洞

BUGTRAQ ID: 33839 CVECAN ID: CVE-2009-0440 WebSphere Partner Gateway是一个轻量级、易于使用、经济高效的B2B连接工具。 WebSphere Partner Gateway没有正确地处理签名验证失败，通过认证的远程攻击者可以绕过签名验证向后端应用提交恶意的RNIF文档。 IBM WebSphere Partner Gateway 6.0.0 - 6.0.0.7 厂商补丁： IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

CVE-2009-0440

IBM WebSphere Partner Gateway WPG 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet aka RNIF document to a backend application, related to 1 "altered service content" and 2 "digital...