Lucene search
MitreCVE-2009-0904HistoryJul 05, 2009 - 4:30 p.m.
CVE-2009-0904
2009-07-0516:30:00
CWE-264
mitre
web.nvd.nist.gov
26
ibm
stax xmlstreamwriter
websphere application server
cve-2009-0904
nvd
xml encoding
soap requests
security vulnerability
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.8
Confidence
Low
EPSS
0.003
Percentile
70.4%
The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via โXML fuzzing attacksโ sent through SOAP requests.
Affected configurations
Node
ibmwebsphere_application_serverMatch6.1
ORibmwebsphere_application_serverMatch6.1.0
ORibmwebsphere_application_serverMatch6.1.0.1
ORibmwebsphere_application_serverMatch6.1.0.2
ORibmwebsphere_application_serverMatch6.1.0.3
ORibmwebsphere_application_serverMatch6.1.0.4
ORibmwebsphere_application_serverMatch6.1.0.5
ORibmwebsphere_application_serverMatch6.1.0.6
ORibmwebsphere_application_serverMatch6.1.0.7
ORibmwebsphere_application_serverMatch6.1.0.8
ORibmwebsphere_application_serverMatch6.1.0.9
ORibmwebsphere_application_serverMatch6.1.0.10
ORibmwebsphere_application_serverMatch6.1.0.11
ORibmwebsphere_application_serverMatch6.1.0.12
ORibmwebsphere_application_serverMatch6.1.0.13
ORibmwebsphere_application_serverMatch6.1.0.14
ORibmwebsphere_application_serverMatch6.1.0.15
ORibmwebsphere_application_serverMatch6.1.0.16
ORibmwebsphere_application_serverMatch6.1.0.17
ORibmwebsphere_application_serverMatch6.1.0.18
ORibmwebsphere_application_serverMatch6.1.0.19
ORibmwebsphere_application_serverMatch6.1.0.20
ORibmwebsphere_application_serverMatch6.1.0.21
ORibmwebsphere_application_serverMatch6.1.0.22
ORibmwebsphere_application_serverMatch6.1.0.23
ORibmwebsphere_application_serverMatch6.1.1
ORibmwebsphere_application_serverMatch6.1.13
ORibmwebsphere_application_serverMatch6.1.14
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | 6.1 | cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0 | cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.1 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.2 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.3 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.4 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.4:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.5 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.6 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.6:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.7 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.8 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.8:*:*:*:*:*:*:* |
Related
seebug
seebug
IBM WebSphere Application Server Stax XMLStreamWriteๅฎๅ
จ็ป่ฟๆผๆด
2009-07-21 00:00:00
prion
prion
Design/Logic Flaw
2009-07-05 16:30:00
cvelist
cvelist
CVE-2009-0904
2009-07-05 16:00:00
nvd
nvd
CVE-2009-0904
2009-07-05 16:30:00
nessus
nessus
IBM WebSphere Application Server < 6.1.0.25 Multiple Vulnerabilities
2009-06-19 00:00:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.8
Confidence
Low
EPSS
0.003
Percentile
70.4%
Related for CVE-2009-0904