CVE-2009-1953 Information

Description

IBM FileNet Content Manager 4.0 4.0.1 and 4.5 as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server when the CE Web Services listener has a certain WSEAF configuration does not properly restrict use of a cached Subject which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors.

Reference

http://secunia.com/advisories/35347 http://www.securityfocus.com/bid/35228 http://www.vupen.com/english/advisories/2009/1512 http://www-01.ibm.com/support/docview.wss?uid=swg21389281