Vulnerability Description
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Application Server | 6.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/34131Vendor Advisory
- http://secunia.com/advisories/34461Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK75992
- http://www-01.ibm.com/support/docview.wss?uid=swg21367223
- http://www-01.ibm.com/support/docview.wss?uid=swg27007951Patch
- http://www-01.ibm.com/support/docview.wss?uid=swg27014463Patch
- http://www.securityfocus.com/bid/34502
- http://secunia.com/advisories/34131Vendor Advisory
- http://secunia.com/advisories/34461Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK75992
- http://www-01.ibm.com/support/docview.wss?uid=swg21367223
- http://www-01.ibm.com/support/docview.wss?uid=swg27007951Patch
- http://www-01.ibm.com/support/docview.wss?uid=swg27014463Patch
- http://www.securityfocus.com/bid/34502
FAQ
What is CVE-2009-1172?
CVE-2009-1172 is a vulnerability with a CVSS score of 10.0 (HIGH). The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not pr...
How severe is CVE-2009-1172?
CVE-2009-1172 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1172?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Application Server.