IBM WebSphere Application Server JAX-RPC WS-Security/JAX-WS Runtime Security Bypass Vulnerability
I just saw this in my RSS feeds:
Bugtraq ID: 40322
Class: Design Error
CVE: CVE-2010-0774
Remote: Yes
Local: No
Published: May 11 2010 12:00AM
Updated: Jun 17 2011 04:00PM
Credit: IBM
Vulnerable: IBM Websphere Application Server 7.0.*
IBM Websphere Application Server 6.1.*
IBM Websphere Application Server 6.0.*
IBM Tivoli Business Service Manager 4.2.1
(See full list in original document)
Not Vulnerable: IBM Websphere Application Server 7.0.0.11
IBM Websphere Application Server 6.1.0.31
IBM Websphere Application Server 6.0.2.41
IBM WebSphere Application Server (WAS) is prone to a security-bypass vulnerability because the application fails to properly handle WebServices PKCS#7 and PKIPath tokens.
Successful exploits may allow attackers to gain unauthorized access to the service, which may lead to other attacks.
The following are vulnerable:
WebSphere Application Server prior to 6.0.2.41, 6.1.0.31, and 7.0.0.11.
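A quick way to turn the affected-version statement above into a triage check against an inventory, as an added example that is not part of the SecurityFocus advisory or any IBM tooling: the three fix levels are taken from the advisory, and the script assumes they are the only thresholds that matter (it knows nothing about interim fixes, nor about bundled products such as Tivoli Business Service Manager, which it reports as not listed). The host names and versions in the sample inventory are constructed.

```python
# Added example (not from the advisory or from IBM): classify installed
# WebSphere Application Server fixpack levels against the fix levels the
# advisory quotes for CVE-2010-0774.
from typing import Dict, Optional, Tuple

# Fix levels quoted in the advisory, keyed by the (major, minor) release branch.
# Assumption: anything at or above these levels is fixed; branches not listed
# here (for example 8.0) are outside the advisory's scope.
FIXED_LEVELS: Dict[Tuple[int, int], Tuple[int, int, int, int]] = {
    (6, 0): (6, 0, 2, 41),
    (6, 1): (6, 1, 0, 31),
    (7, 0): (7, 0, 0, 11),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse a dotted WAS version such as '6.1.0.29' into a 4-tuple of ints.

    Stray whitespace is dropped and missing trailing components are padded with
    zeros, so '7.0' compares as (7, 0, 0, 0). Extra components are ignored.
    """
    cleaned = "".join(text.split())
    parts = [int(p) for p in cleaned.split(".") if p != ""]
    if not parts:
        raise ValueError(f"not a version string: {text!r}")
    return tuple((parts + [0, 0, 0, 0])[:4])


def is_affected(version_text: str) -> Optional[bool]:
    """True if the version is on a listed branch below its fix level,
    False if it is at or above the fix level, None if the branch is not
    covered by the advisory at all."""
    version = parse_version(version_text)
    fixed = FIXED_LEVELS.get(version[:2])
    if fixed is None:
        return None
    return version < fixed


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in a host -> version inventory to one of
    'affected', 'fixed' or 'not-listed'."""
    result = {}
    for host, version in inventory.items():
        status = is_affected(version)
        if status is None:
            result[host] = "not-listed"
        elif status:
            result[host] = "affected"
        else:
            result[host] = "fixed"
    return result


if __name__ == "__main__":
    # Constructed inventory; the hosts and levels are not real.
    sample = {
        "app01": "7.0.0.9",
        "app02": "7.0.0.11",
        "app03": "6.1.0.31",
        "app04": "6.0.2.40",
        "app05": "8.0.0.1",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Run it against a real inventory by replacing the sample dictionary; the distinction between "fixed" and "not-listed" is deliberate, so that a release the advisory never mentions is not silently reported as safe.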
Exploit:
Currently we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution:
Updates are available; please see the references for more information.
References:
* IBM WebSphere Application Server Product Page (IBM)
* Recommended fixes for WebSphere Application Server (IBM)
* WebSphere Application Server WebServices PKIPath and PKCS#7 token type security (IBM XForce)
* websphere vulnerability (IBM)