PT-2013-4820 · Ibm · Was Feature Pack For Web Services+1

Publicado

2013-09-20

·

Atualizado

2017-08-29

·

CVE-2013-4053

CVSS v2.0

6.8

Média

VetorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 6.1 before 6.1.0.47 IBM WebSphere Application Server versions 7.0 before 7.0.0.31 IBM WebSphere Application Server versions 8.0 before 8.0.0.8 IBM WebSphere Application Server versions 8.5 before 8.5.5.1 WAS Feature Pack for Web Services versions 6.1 before 6.1.0.47
Description The WS-Security implementation in IBM WebSphere Application Server does not properly verify X.509 certificates when a trust store is configured for XML Digital Signatures. This allows remote attackers to obtain privileged access via unspecified vectors.
Recommendations For IBM WebSphere Application Server version 6.1, update to version 6.1.0.47 or later. For IBM WebSphere Application Server version 7.0, update to version 7.0.0.31 or later. For IBM WebSphere Application Server version 8.0, update to version 8.0.0.8 or later. For IBM WebSphere Application Server version 8.5, update to version 8.5.5.1 or later. For WAS Feature Pack for Web Services version 6.1, update to version 6.1.0.47 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2013-4053

Produtos afetados

Ibm Websphere Application Server
Was Feature Pack For Web Services