163 matches found
Potential security vulnerability with IBM WebSphere Application Server
Abstract Security Bulletin: Asset and Service Management Products - Potential security exposure when using WS-Security, with either JAX-WS or JAX-RPC, resulting in a user gaining elevated privileges CVE-2011-1377. Content VULNERABILITY DETAILS: CVE ID: CVE-2011-1377 DESCRIPTION: Websphere...
Security Bulletin: Possible security exposure with WebSphere Application Server with WS-Security enabled applications using LTPA tokens (PM43585/PM43792/PM45181)
Summary There is a possible security exposure when using WS-Security resulting in a user gaining elevated privileges. This impacts applications using either JAX-WS and JAX-RPC. Vulnerability Details WebSphere Application Server could provide weaker than expected security when using web services...
Security Bulletin: Potential Security Vulnerabilites fixed in IBM WebSphere Application Server 8.0.0.8
Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server 8.0.0.8 Vulnerability Details CVE ID:CVE-2013-0460PM72275 DESCRIPTION: WebSphere Application Server could be vulnerable to a cross-site request forgery, caused by improper validation of portlets in...
Information Disclosure
Apache cxf-rt-ws-security is vulnerable to information disclosure. A malicious user can pass a malicious delegation token to the application, causing the application to return a cached token from another user...
IBM WebSphere Application Server 7.0 < Fix Pack 31 Multiple Vulnerabilities
IBM WebSphere Application Server 7.0 before Fix Pack 31 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - A flaw in the modrewrite module of Apache HTTP Server potentially allows a remote attacker to execute arbitrary code via...
IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.1 Multiple Vulnerabilities
IBM WebSphere Application Server 8.5 before Fix Pack 8.5.5.1 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - A flaw exists related to Apache Ant and file compression that could lead to denial of service conditions. CVE-2012-209...
CVE-2013-4053
The WS-Security implementation in IBM WebSphere Application Server WAS 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly...
Code injection
The WS-Security implementation in IBM WebSphere Application Server WAS 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly...
CVE-2013-4053
CVE-2013-4053 refers to IBM WebSphere Application Server WS-Security with XML Digital Signature using a trust store, where improper certificate verification could let a remote attacker gain privileged access. Affected products/versions include WebSphere Application Server 8.5, 8.0, 7.0, and 6.1 (...
CVE-2013-4053
The WS-Security implementation in IBM WebSphere Application Server WAS 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly...
IBM WebSphere Application Server 6.1 < Fix Pack 47 Multiple Vulnerabilities
IBM WebSphere Application Server 6.1 before Fix Pack 47 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - A remote attacker can bypass authentication because of improper user validation on Linux, Solaris, and HP-UX platforms that us...
IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5 Multiple Vulnerabilities
IBM WebSphere Application Server 8.5 before Fix Pack 8.5.5 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - The TLS protocol in the GSKIT component is vulnerable to a plaintext recovery attack. CVE-2013-0169, PM85211 - The...
IBM WebSphere Application Server 7.0 < Fix Pack 29 Multiple Vulnerabilities
IBM WebSphere Application Server 7.0 before Fix Pack 29 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - The TLS protocol in the GSKIT component is vulnerable to a plaintext recovery attack. CVE-2013-0169, PM85211 - The...
Design/Logic Flaw
IBM WebSphere Application Server WAS 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message,...
CVE-2013-0482
IBM WebSphere Application Server WAS 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message,...
apache-cxf: XML encryption backwards compatibility attacks
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...
apache-cxf: XML encryption backwards compatibility attacks
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...
IBM WebSphere Application Server 8.0 < Fix Pack 6 Multiple Vulnerabilities
IBM WebSphere Application Server 8.0 before Fix Pack 6 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists that could allow cross-site request forgery CSRF attacks. CVE-2012-4853 / PM62920 - The...
IBM WebSphere Application Server 8.5 < Fix Pack 2 Multiple Vulnerabilities
IBM WebSphere Application Server 8.5 before Fix Pack 2 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - The included Java SDK contains several errors that affect the application directly. CVE-2013-0169, CVE-2013-0440,...
Important: Red Hat Security Advisory: JBoss Enterprise BRMS Platform 5.3.1 update
JBoss Enterprise BRMS Platform 5.3.1 roll up patch 1, which fixes two security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base...