Lucene search

[email protected]NVD:CVE-2008-4679

HistoryOct 22, 2008 - 6:00 p.m.

CVE-2008-4679

2008-10-2218:00:00

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

High

EPSS

0.011

Percentile

84.7%

JSON

The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the “Java security method” from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate.

Affected configurations

Nvd

Node

ibmwebsphere_application_serverMatch6.0.1.1

ibmwebsphere_application_serverMatch6.0.1.2

ibmwebsphere_application_serverMatch6.0.1.3

ibmwebsphere_application_serverMatch6.0.1.5

ibmwebsphere_application_serverMatch6.0.1.7

ibmwebsphere_application_serverMatch6.0.1.9

ibmwebsphere_application_serverMatch6.0.1.11

ibmwebsphere_application_serverMatch6.0.1.13

ibmwebsphere_application_serverMatch6.0.1.15

ibmwebsphere_application_serverMatch6.0.1.17

ibmwebsphere_application_serverMatch6.0.2

ibmwebsphere_application_serverMatch6.0.2.1

ibmwebsphere_application_serverMatch6.0.2.2

ibmwebsphere_application_serverMatch6.0.2.3

ibmwebsphere_application_serverMatch6.0.2.4

ibmwebsphere_application_serverMatch6.0.2.5

ibmwebsphere_application_serverMatch6.0.2.6

ibmwebsphere_application_serverMatch6.0.2.9

ibmwebsphere_application_serverMatch6.0.2.11

ibmwebsphere_application_serverMatch6.0.2.13

ibmwebsphere_application_serverMatch6.0.2.15

ibmwebsphere_application_serverMatch6.0.2.17

ibmwebsphere_application_serverMatch6.0.2.19

ibmwebsphere_application_serverMatch6.0.2.23

ibmwebsphere_application_serverMatch6.0.2.25

ibmwebsphere_application_serverMatch6.0.2.27

VendorProductVersionCPE
ibmwebsphere_application_server6.0.1.1cpe:2.3:a:ibm:websphere_application_server:6.0.1.1:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.1.2cpe:2.3:a:ibm:websphere_application_server:6.0.1.2:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.1.3cpe:2.3:a:ibm:websphere_application_server:6.0.1.3:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.1.5cpe:2.3:a:ibm:websphere_application_server:6.0.1.5:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.1.7cpe:2.3:a:ibm:websphere_application_server:6.0.1.7:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.1.9cpe:2.3:a:ibm:websphere_application_server:6.0.1.9:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.1.11cpe:2.3:a:ibm:websphere_application_server:6.0.1.11:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.1.13cpe:2.3:a:ibm:websphere_application_server:6.0.1.13:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.1.15cpe:2.3:a:ibm:websphere_application_server:6.0.1.15:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.1.17cpe:2.3:a:ibm:websphere_application_server:6.0.1.17:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_application_server	6.0.1.1	cpe:2.3:a:ibm:websphere_application_server:6.0.1.1:::::::*
ibm	websphere_application_server	6.0.1.2	cpe:2.3:a:ibm:websphere_application_server:6.0.1.2:::::::*
ibm	websphere_application_server	6.0.1.3	cpe:2.3:a:ibm:websphere_application_server:6.0.1.3:::::::*
ibm	websphere_application_server	6.0.1.5	cpe:2.3:a:ibm:websphere_application_server:6.0.1.5:::::::*
ibm	websphere_application_server	6.0.1.7	cpe:2.3:a:ibm:websphere_application_server:6.0.1.7:::::::*
ibm	websphere_application_server	6.0.1.9	cpe:2.3:a:ibm:websphere_application_server:6.0.1.9:::::::*
ibm	websphere_application_server	6.0.1.11	cpe:2.3:a:ibm:websphere_application_server:6.0.1.11:::::::*
ibm	websphere_application_server	6.0.1.13	cpe:2.3:a:ibm:websphere_application_server:6.0.1.13:::::::*
ibm	websphere_application_server	6.0.1.15	cpe:2.3:a:ibm:websphere_application_server:6.0.1.15:::::::*
ibm	websphere_application_server	6.0.1.17	cpe:2.3:a:ibm:websphere_application_server:6.0.1.17:::::::*

Rows per page:

1-10 of 261

References

secunia.com/advisories/32296

www-01.ibm.com/support/docview.wss?uid=swg27006876

www-01.ibm.com/support/docview.wss?uid=swg27007951

www-1.ibm.com/support/docview.wss?uid=swg1PK61258

www.securityfocus.com/bid/31839

www.vupen.com/english/advisories/2008/2871

exchange.xforce.ibmcloud.com/vulnerabilities/46002

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

High

EPSS

0.011

Percentile

84.7%

JSON

Related for NVD:CVE-2008-4679

cvelist1 prion1 cve1 seebug1 nessus1