CVE-2009-0440

Name of the Vulnerable Software and Affected Versions IBM WebSphere Partner Gateway (WPG) versions 6.0.0 through 6.0.0.7

Description The issue is related to the improper handling of signature verification failures, which could allow remote authenticated users to submit a crafted RosettaNet (RNIF) document to a backend application. This is related to altered service content and digital signature foot-print.

Recommendations For IBM WebSphere Partner Gateway (WPG) versions 6.0.0 through 6.0.0.7, consider implementing additional validation checks on RosettaNet (RNIF) documents to prevent the submission of crafted documents. As a temporary workaround, restrict access to backend applications that process these documents until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.