PT-2010-2320 · IBM · IBM WebSphere Application Server

Published 2010-02-08 · Updated 2010-11-03 · CVE-2010-0563

CVSS v2.0: 5.0 (Medium) · Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

IBM WebSphere Application Server versions 7.0.0.0 through 7.0.0.8

Description

The Single Sign-on (SSO) functionality in IBM WebSphere Application Server does not recognize the Requires SSL configuration option. This might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.

Recommendations

For versions 7.0.0.0 through 7.0.0.8, consider configuring the SSO functionality to use an alternative encryption method until a fix is available. As a temporary workaround, restrict access to sensitive information over unencrypted network sessions.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2010-0563

Affected Products

IBM WebSphere Application Server