Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0892

Overview

Vulnerability Score 5.5 5.5
CVE Id CVE-2009-0892
Last Modified 16 Apr 2009 01:38:10
Published 31 Mar 2009 10:09:53
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2009-0892

Summary

The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.

Vulnerable Systems

Application

  • Ibm Websphere Application Server 6.1

  • Ibm Websphere Application Server 6.1.0

  • Ibm Websphere Application Server 6.1.0.0

  • Ibm Websphere Application Server 6.1.0.1

  • Ibm Websphere Application Server 6.1.0.10

  • Ibm Websphere Application Server 6.1.0.11

  • Ibm Websphere Application Server 6.1.0.12

  • Ibm Websphere Application Server 6.1.0.13

  • Ibm Websphere Application Server 6.1.0.14

  • Ibm Websphere Application Server 6.1.0.15

  • Ibm Websphere Application Server 6.1.0.16

  • Ibm Websphere Application Server 6.1.0.17

  • Ibm Websphere Application Server 6.1.0.18

  • Ibm Websphere Application Server 6.1.0.19

  • Ibm Websphere Application Server 6.1.0.2

  • Ibm Websphere Application Server 6.1.0.20

  • Ibm Websphere Application Server 6.1.0.21

  • Ibm Websphere Application Server 6.1.0.22

  • Ibm Websphere Application Server 6.1.0.3

  • Ibm Websphere Application Server 6.1.0.4

  • Ibm Websphere Application Server 6.1.0.5

  • Ibm Websphere Application Server 6.1.0.6

  • Ibm Websphere Application Server 6.1.0.7

  • Ibm Websphere Application Server 6.1.0.8

  • Ibm Websphere Application Server 6.1.0.9

  • Ibm Websphere Application Server 7.0

  • Ibm Websphere Application Server 7.0.0.1


References

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27014463

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27007951

XF - websphere-console-session-hijacking(49499)

BID - 34501

SECUNIA - 34131


Last Updated: 27 May 2016 10:50:24