← back
CVE-2009-1172

CVE-2009-1172

EPSS 1.8%
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/34131http://secunia.com/advisories/34461http://www-01.ibm.com/support/docview.wss?uid=swg1PK75992http://www-01.ibm.com/support/docview.wss?uid=swg21367223http://www-01.ibm.com/support/docview.wss?uid=swg27007951http://www-01.ibm.com/support/docview.wss?uid=swg27014463http://www.securityfocus.com/bid/34502