CVE-2009-0440 Information

Description

IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application related to (1) \altered service content\ and (2) \digital signature foot-print.\

Reference

http://secunia.com/advisories/33994 http://www.securityfocus.com/bid/33839 http://www-01.ibm.com/support/docview.wss?uid=swg21330341 http://www-1.ibm.com/support/docview.wss?uid=swg1JR31231 https://exchange.xforce.ibmcloud.com/vulnerabilities/48530