CVE-2010-0563 Information

Description

The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.

Reference

http://secunia.com/advisories/38425 http://securitytracker.com/id?1023551 http://www.osvdb.org/62140 http://www.securityfocus.com/bid/38122 http://www-01.ibm.com/support/docview.wss?uid=swg21417839 http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610