Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2009-0436
Last Modified 17 Jun 2009 12:00:00
Published 10 Feb 2009 05:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2009-0436

Summary

The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors.

Vulnerable Systems

Application

  • IBM WebSphere Application Server 6.0
  • IBM WebSphere Application Server 6.0.0.1
  • IBM WebSphere Application Server 6.0.0.2
  • IBM WebSphere Application Server 6.0.0.3
  • IBM WebSphere Application Server 6.0.1
  • IBM WebSphere Application Server 6.0.1.1
  • IBM WebSphere Application Server 6.0.1.11
  • IBM WebSphere Application Server 6.0.1.13
  • IBM WebSphere Application Server 6.0.1.15
  • IBM WebSphere Application Server 6.0.1.17
  • IBM WebSphere Application Server 6.0.1.2
  • IBM WebSphere Application Server 6.0.1.3
  • IBM WebSphere Application Server 6.0.1.5
  • IBM WebSphere Application Server 6.0.1.7
  • IBM WebSphere Application Server 6.0.1.9
  • IBM WebSphere Application Server 6.0.2
  • IBM WebSphere Application Server 6.0.2.1
  • IBM WebSphere Application Server 6.0.2.11
  • IBM WebSphere Application Server 6.0.2.13
  • IBM WebSphere Application Server 6.0.2.15
  • IBM WebSphere Application Server 6.0.2.17
  • IBM WebSphere Application Server 6.0.2.19
  • IBM WebSphere Application Server 6.0.2.2
  • IBM WebSphere Application Server 6.0.2.22
  • IBM WebSphere Application Server 6.0.2.23
  • IBM WebSphere Application Server 6.0.2.24
  • IBM WebSphere Application Server 6.0.2.25
  • IBM WebSphere Application Server 6.0.2.27
  • IBM WebSphere Application Server 6.0.2.28
  • IBM WebSphere Application Server 6.0.2.29
  • IBM WebSphere Application Server 6.0.2.3
  • IBM WebSphere Application Server 6.0.2.30
  • IBM WebSphere Application Server 6.0.2.4
  • IBM WebSphere Application Server 6.0.2.5
  • IBM WebSphere Application Server 6.0.2.6
  • IBM WebSphere Application Server 6.0.2.7
  • IBM WebSphere Application Server 6.0.2.9
  • IBM WebSphere Application Server 6.1
  • IBM WebSphere Application Server 6.1.0
  • IBM WebSphere Application Server 6.1.0.0
  • IBM WebSphere Application Server 6.1.0.1
  • IBM WebSphere Application Server 6.1.0.10
  • IBM WebSphere Application Server 6.1.0.11
  • IBM WebSphere Application Server 6.1.0.12
  • IBM WebSphere Application Server 6.1.0.13
  • IBM WebSphere Application Server 6.1.0.14
  • IBM WebSphere Application Server 6.1.0.15
  • IBM WebSphere Application Server 6.1.0.16
  • IBM WebSphere Application Server 6.1.0.17
  • IBM WebSphere Application Server 6.1.0.18
  • IBM WebSphere Application Server 6.1.0.2
  • IBM WebSphere Application Server 6.1.0.3
  • IBM WebSphere Application Server 6.1.0.4
  • IBM WebSphere Application Server 6.1.0.5
  • IBM WebSphere Application Server 6.1.0.6
  • IBM WebSphere Application Server 6.1.0.7
  • IBM WebSphere Application Server 6.1.0.8
  • IBM WebSphere Application Server 6.1.0.9
  • IBM WebSphere Application Server 6.1.13


References

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27008517

MISC - http://www-01.ibm.com/support/docview.wss?uid=swg27007951

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27007033

MISC - http://www-01.ibm.com/support/docview.wss?uid=swg27006876

XF - websphere-http-afunix-incorrect-permissions(48526)

BID - 33700


Last Updated: 27 May 2016 10:50:14