CVE-2009-1172

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 6.1 through 6.1.0.22 IBM WebSphere Application Server versions 7.0 through 7.0.0.2

Description The issue is related to the JAX-RPC WS-Security runtime in the Web Services Security component, which does not properly validate UsernameToken objects when APAR PK41002 is installed. The impact and attack vectors of this issue are not specified.

Recommendations For IBM WebSphere Application Server versions 6.1 through 6.1.0.22, update to version 6.1.0.23 or later. For IBM WebSphere Application Server versions 7.0 through 7.0.0.2, update to version 7.0.0.3 or later.