10

CVE-2009-1172

The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Application Server Version6.1.0.0
IbmWebsphere Application Server Version6.1.0.1
IbmWebsphere Application Server Version6.1.0.2
IbmWebsphere Application Server Version6.1.0.3
IbmWebsphere Application Server Version6.1.0.4
IbmWebsphere Application Server Version6.1.0.5
IbmWebsphere Application Server Version6.1.0.6
IbmWebsphere Application Server Version6.1.0.7
IbmWebsphere Application Server Version6.1.0.8
IbmWebsphere Application Server Version6.1.0.9
IbmWebsphere Application Server Version6.1.0.10
IbmWebsphere Application Server Version6.1.0.11
IbmWebsphere Application Server Version6.1.0.12
IbmWebsphere Application Server Version6.1.0.13
IbmWebsphere Application Server Version6.1.0.14
IbmWebsphere Application Server Version6.1.0.15
IbmWebsphere Application Server Version6.1.0.16
IbmWebsphere Application Server Version6.1.0.17
IbmWebsphere Application Server Version6.1.0.18
IbmWebsphere Application Server Version6.1.0.19
IbmWebsphere Application Server Version6.1.0.20
IbmWebsphere Application Server Version6.1.0.21
IbmWebsphere Application Server Version6.1.0.22
IbmWebsphere Application Server Version7.0.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.83% 0.76
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www-01.ibm.com/support/docview.wss?uid=swg27007951
Patch
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
Patch
http://secunia.com/advisories/34131
Vendor Advisory
http://secunia.com/advisories/34461
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PK75992
http://www-01.ibm.com/support/docview.wss?uid=swg21367223
http://www.securityfocus.com/bid/34502