CVE-2010-0774

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 6.0 through 6.0.2.40 IBM WebSphere Application Server versions 6.1 through 6.1.0.30 IBM WebSphere Application Server versions 7.0 through 7.0.0.10

Description The issue concerns the JAX-RPC WS-Security 1.0 and JAX-WS runtime implementations in IBM WebSphere Application Server, which do not properly handle WebServices PKCS#7 and PKIPath tokens. This allows remote attackers to bypass intended access restrictions.

Recommendations For IBM WebSphere Application Server versions 6.0 through 6.0.2.40, update to version 6.0.2.41 or later. For IBM WebSphere Application Server versions 6.1 through 6.1.0.30, update to version 6.1.0.31 or later. For IBM WebSphere Application Server versions 7.0 through 7.0.0.10, update to version 7.0.0.11 or later.