CVE-2008-7274 Information

Description

IBM WebSphere Application Server (WAS) 6.1.0.9 when the JAAS Login functionality is enabled allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565