Vulnerability Description
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | WebSphere Application Server | 7.0 |
| IBM | WebSphere Message Broker | 6.1 |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC88185
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM76582
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM86026
- http://www-01.ibm.com/support/docview.wss?uid=swg21634646 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21635474 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81548
FAQ
What is CVE-2013-0482?
CVE-2013-0482 is a vulnerability with a CVSS score of 4.3 (MEDIUM). IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security...
How severe is CVE-2013-0482?
CVE-2013-0482 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-0482?
Check the references section above for vendor advisories and patch information. Affected products include IBM WebSphere Application Server and IBM WebSphere Message Broker.