10

CVE-2010-3186

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Application Server Version7.0.0.1
IbmWebsphere Application Server Version7.0.0.2
IbmWebsphere Application Server Version7.0.0.3
IbmWebsphere Application Server Version7.0.0.4
IbmWebsphere Application Server Version7.0.0.5
IbmWebsphere Application Server Version7.0.0.6
IbmWebsphere Application Server Version7.0.0.7
IbmWebsphere Application Server Version7.0.0.9
IbmWebsphere Application Server Version7.0.0.10
IbmWebsphere Application Server Version7.0.0.11
IbmWebsphere Application Server Version6.1.0.9
IbmWebsphere Application Server Version6.1.0.10
IbmWebsphere Application Server Version6.1.0.11
IbmWebsphere Application Server Version6.1.0.12
IbmWebsphere Application Server Version6.1.0.13
IbmWebsphere Application Server Version6.1.0.14
IbmWebsphere Application Server Version6.1.0.15
IbmWebsphere Application Server Version6.1.0.16
IbmWebsphere Application Server Version6.1.0.17
IbmWebsphere Application Server Version6.1.0.18
IbmWebsphere Application Server Version6.1.0.19
IbmWebsphere Application Server Version6.1.0.20
IbmWebsphere Application Server Version6.1.0.21
IbmWebsphere Application Server Version6.1.0.22
IbmWebsphere Application Server Version6.1.0.23
IbmWebsphere Application Server Version6.1.0.24
IbmWebsphere Application Server Version6.1.0.25
IbmWebsphere Application Server Version6.1.0.26
IbmWebsphere Application Server Version6.1.0.27
IbmWebsphere Application Server Version6.1.0.29
IbmWebsphere Application Server Version6.1.0.31
IbmWebsphere Application Server Version6.1.0.32
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.61% 0.834
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/67570
http://secunia.com/advisories/41173
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PM08360
http://www-01.ibm.com/support/docview.wss?uid=swg1PM16014
http://www-01.ibm.com/support/docview.wss?uid=swg21443736
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24027708
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24027709
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2215
https://exchange.xforce.ibmcloud.com/vulnerabilities/61435