1. Home
  2. CVE Database
  3. CVE-2008-4679
MEDIUM · 6.8

CVE-2008-4679

The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocat...

Vulnerability Description

The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
IbmWebsphere Application Server6.0.1.1

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2008-4679?

CVE-2008-4679 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocat...

How severe is CVE-2008-4679?

CVE-2008-4679 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-4679?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Application Server.