Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0904

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2009-0904
Last Modified 22 Jul 2009 03:08:24
Published 05 Jul 2009 12:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0904

Summary

The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP requests.

Vulnerable Systems

Application

  • Ibm Websphere Application Server 6.1

  • Ibm Websphere Application Server 6.1.0

  • Ibm Websphere Application Server 6.1.0.1

  • Ibm Websphere Application Server 6.1.0.10

  • Ibm Websphere Application Server 6.1.0.11

  • Ibm Websphere Application Server 6.1.0.12

  • Ibm Websphere Application Server 6.1.0.13

  • Ibm Websphere Application Server 6.1.0.14

  • Ibm Websphere Application Server 6.1.0.15

  • Ibm Websphere Application Server 6.1.0.16

  • Ibm Websphere Application Server 6.1.0.17

  • Ibm Websphere Application Server 6.1.0.18

  • Ibm Websphere Application Server 6.1.0.19

  • Ibm Websphere Application Server 6.1.0.2

  • Ibm Websphere Application Server 6.1.0.20

  • Ibm Websphere Application Server 6.1.0.21

  • Ibm Websphere Application Server 6.1.0.22

  • Ibm Websphere Application Server 6.1.0.23

  • Ibm Websphere Application Server 6.1.0.3

  • Ibm Websphere Application Server 6.1.0.4

  • Ibm Websphere Application Server 6.1.0.5

  • Ibm Websphere Application Server 6.1.0.6

  • Ibm Websphere Application Server 6.1.0.7

  • Ibm Websphere Application Server 6.1.0.8

  • Ibm Websphere Application Server 6.1.0.9

  • Ibm Websphere Application Server 6.1.1

  • Ibm Websphere Application Server 6.1.13

  • Ibm Websphere Application Server 6.1.14


References

XF - websphere-soap-security-bypass(51490)

BID - 35741

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27007951


Last Updated: 27 May 2016 10:50:24