Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19660
HistoryMay 20, 2010 - 12:00 a.m.

IBM WebSphere应用服务器PKIPath和PKCS#7令牌绕过安全检查漏洞

2010-05-2000:00:00
Root
www.seebug.org
5

0.002 Low

EPSS

Percentile

55.9%

JSON

CVE ID: CVE-2010-0774

IBM Websphere应用服务器以Java和Servlet引擎为基础,支持多种HTTP服务,可帮助用户完成从开发、发布到维护交互式的动态网站的所有工作。

WebSphere应用服务器的JAX-RPC WS-Security 1.0和JAX-WS运行时实现没有正确地处理PKCS#7和PKIPath令牌,远程攻击者可以通过向服务器提交恶意请求绕过预期的访问限制执行非授权操作。

IBM Websphere Application Server 7.0
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.0
厂商补丁:

IBM

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Related

cvelist 1
nvd 1
cve 1
prion 1
openvas 2
nessus 3
cvelist
cvelist
CVE-2010-0774
2010-05-17 22:00:00
nvd
nvd
CVE-2010-0774
2010-05-17 22:30:01
cve
cve
CVE-2010-0774
2010-05-17 22:30:01
prion
prion
Design/Logic Flaw
2010-05-17 22:30:00
openvas
openvas
IBM WebSphere Application Server Long Filename Information Disclosure Vulnerability
2010-05-21 00:00:00
IBM WebSphere Application Server Long Filename Information Disclosure Vulnerability
2010-05-21 00:00:00
nessus
nessus
IBM WebSphere Application Server 6.0 < 6.0.2.41 Multiple Vulnerabilities
2010-04-06 00:00:00
IBM WebSphere Application Server 6.1 < 6.1.0.31 Multiple Vulnerabilities
2010-04-06 00:00:00
IBM WebSphere Application Server 7.0 < Fix Pack 11 Multiple Vulnerabilities
2010-06-22 00:00:00

0.002 Low

EPSS

Percentile

55.9%

JSON
Related for SSV:19660
cvelist1nvd1cve1prion1openvas2nessus3