CVE-2009-1172

Sažetak

The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.

Reference

http://secunia.com/advisories/34131
http://secunia.com/advisories/34461
http://www.securityfocus.com/bid/34502
http://www-01.ibm.com/support/docview.wss?uid=swg1PK75992
http://www-01.ibm.com/support/docview.wss?uid=swg21367223
http://www-01.ibm.com/support/docview.wss?uid=swg27007951
http://www-01.ibm.com/support/docview.wss?uid=swg27014463

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

24-10-2014 - 05:37

Objavljeno

31-03-2009 - 14:09