Lucene search
HistoryJul 07, 2011 - 9:55 p.m.
CVE-2011-1224
ibm websphere mq
crl distribution points
ssl partner spoofing
certificate extension
cve-2011-1224
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.4 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
36.8%
IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application.
Affected configurations
Node
ibmwebsphere_mqMatch6.0
ORibmwebsphere_mqMatch6.0.1.0
ORibmwebsphere_mqMatch6.0.1.1
ORibmwebsphere_mqMatch6.0.2.0
ORibmwebsphere_mqMatch6.0.2.1
ORibmwebsphere_mqMatch6.0.2.2
ORibmwebsphere_mqMatch6.0.2.3
ORibmwebsphere_mqMatch6.0.2.4
ORibmwebsphere_mqMatch6.0.2.5
ORibmwebsphere_mqMatch6.0.2.6
ORibmwebsphere_mqMatch6.0.2.7
ORibmwebsphere_mqMatch6.0.2.8
ORibmwebsphere_mqMatch6.0.2.9
ORibmwebsphere_mqMatch6.0.2.10
Node
ibmwebsphere_mqMatch7.0
ORibmwebsphere_mqMatch7.0.0.1
ORibmwebsphere_mqMatch7.0.0.2
ORibmwebsphere_mqMatch7.0.1.0
ORibmwebsphere_mqMatch7.0.1.1
ORibmwebsphere_mqMatch7.0.1.2
ORibmwebsphere_mqMatch7.0.1.3
ORibmwebsphere_mqMatch7.0.1.4
Related
nvd
nvd
CVE-2011-1224
2011-07-07 21:55:01
prion
prion
Code injection
2011-07-07 21:55:00
cvelist
cvelist
CVE-2011-1224
2011-07-07 21:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.4 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
36.8%
Related for CVE-2011-1224