CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-1172

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0080%
EPSS Percentile44.96th
Published2009年3月31日
Last Modified2026年4月23日

Vulnerability Description

The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.

Affected Platforms (CPE)

📦
Ibm

Websphere Application Server

= 6.1
📦
Ibm

Websphere Application Server

= 6.1.0
📦
Ibm

Websphere Application Server

= 6.1.0.0
📦
Ibm

Websphere Application Server

= 6.1.0.1
📦
Ibm

Websphere Application Server

= 6.1.0.2
📦
Ibm

Websphere Application Server

= 6.1.0.3
📦
Ibm

Websphere Application Server

= 6.1.0.4
📦
Ibm

Websphere Application Server

= 6.1.0.5
📦
Ibm

Websphere Application Server

= 6.1.0.6
📦
Ibm

Websphere Application Server

= 6.1.0.7
📦
Ibm

Websphere Application Server

= 6.1.0.8
📦
Ibm

Websphere Application Server

= 6.1.0.9
📦
Ibm

Websphere Application Server

= 6.1.0.10
📦
Ibm

Websphere Application Server

= 6.1.0.11
📦
Ibm

Websphere Application Server

= 6.1.0.12
📦
Ibm

Websphere Application Server

= 6.1.0.13
📦
Ibm

Websphere Application Server

= 6.1.0.14
📦
Ibm

Websphere Application Server

= 6.1.0.15
📦
Ibm

Websphere Application Server

= 6.1.0.16
📦
Ibm

Websphere Application Server

= 6.1.0.17
📦
Ibm

Websphere Application Server

= 6.1.0.18
📦
Ibm

Websphere Application Server

= 6.1.0.19
📦
Ibm

Websphere Application Server

= 6.1.0.20
📦
Ibm

Websphere Application Server

= 6.1.0.21
📦
Ibm

Websphere Application Server

= 6.1.0.22
📦
Ibm

Websphere Application Server

= 7.0
📦
Ibm

Websphere Application Server

= 7.0.0.1

References & Advisories

🔗 http://secunia.com/advisories/34131
🔗 http://secunia.com/advisories/34461
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg1PK75992
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21367223
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg27007951
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg27014463
🔗 http://www.securityfocus.com/bid/34502
🔗 http://secunia.com/advisories/34131

関連する脆弱性情報

CVE-2006-242910.0

Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and...

CVE-2006-243010.0

IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plainte...

CVE-2000-084810.0

Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Hos...

CVE-2006-243310.0

Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and...

CVE-2009-1172 Detail & Impact Analysis | CVSS 10.0 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space