CVE-2011-1209

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server (WAS) versions 6.1 before 6.1.0.39 IBM WebSphere Application Server (WAS) versions 7.0 before 7.0.0.17

Description The issue is related to a weak WS-Security XML encryption algorithm used by the software, which makes it easier for remote attackers to obtain plaintext data from a JAX-RPC or JAX-WS Web Services request. This is achieved via unspecified vectors related to a decryption attack.

Recommendations For IBM WebSphere Application Server (WAS) versions 6.1 before 6.1.0.39, update to version 6.1.0.39 or later. For IBM WebSphere Application Server (WAS) versions 7.0 before 7.0.0.17, update to version 7.0.0.17 or later.