Design/Logic Flaw

2010-02-0821:30:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.7%

JSON

The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.

CPENameOperatorVersion
websphere_application_servereq7.0.0.5
websphere_application_servereq7.0
websphere_application_servereq7.0.0.8
websphere_application_servereq7.0.0.7
websphere_application_servereq7.0.0.3
websphere_application_servereq7.0.0.1

Name	Operator	Version
websphere_application_server	eq	7.0.0.5
websphere_application_server	eq	7.0
websphere_application_server	eq	7.0.0.8
websphere_application_server	eq	7.0.0.7
websphere_application_server	eq	7.0.0.3
websphere_application_server	eq	7.0.0.1

References

secunia.com/advisories/38425

securitytracker.com/id?1023551

www-01.ibm.com/support/docview.wss?uid=swg21417839

www-1.ibm.com/support/docview.wss?uid=swg1PM00610

www.osvdb.org/62140

www.securityfocus.com/bid/38122