CVE-2009-1172 Information

Feb 14, 2021 cve

Description

The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 when APAR PK41002 is installed does not properly validate UsernameToken objects which has unknown impact and attack vectors.

Reference

http://secunia.com/advisories/34131 http://secunia.com/advisories/34461 http://www.securityfocus.com/bid/34502 http://www-01.ibm.com/support/docview.wss?uid=swg1PK75992 http://www-01.ibm.com/support/docview.wss?uid=swg21367223 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463

Share on: