CVE-2013-0482

Sažetak

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg1IC88185
http://www-01.ibm.com/support/docview.wss?uid=swg1PM76582
http://www-01.ibm.com/support/docview.wss?uid=swg1PM86026
http://www-01.ibm.com/support/docview.wss?uid=swg21634646
http://www-01.ibm.com/support/docview.wss?uid=swg21635474
https://exchange.xforce.ibmcloud.com/vulnerabilities/81548

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

29-08-2017 - 01:33

Objavljeno

29-05-2013 - 14:29