Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0440

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2009-0440
Last Modified 23 Feb 2009 12:00:00
Published 22 Feb 2009 05:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2009-0440

Summary

IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."

Vulnerable Systems

Application

  • Ibm Websphere Partner Gateway 6.0.0

  • Ibm Websphere Partner Gateway 6.0.0.1

  • Ibm Websphere Partner Gateway 6.0.0.2

  • Ibm Websphere Partner Gateway 6.0.0.3

  • Ibm Websphere Partner Gateway 6.0.0.4

  • Ibm Websphere Partner Gateway 6.0.0.5

  • Ibm Websphere Partner Gateway 6.0.0.6

  • Ibm Websphere Partner Gateway 6.0.0.7


References

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21330341

XF - websphere-pgateway-rnif-signatures(48530)

BID - 33839

AIXAPAR - JR31231

SECUNIA - 33994


Last Updated: 27 May 2016 10:50:14