PT-2013-4820 · IBM · WAS Feature Pack for Web Services +1

Published 2013-09-20 · Updated 2017-08-29 · CVE-2013-4053

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

IBM WebSphere Application Server versions 6.1 before 6.1.0.47
IBM WebSphere Application Server versions 7.0 before 7.0.0.31
IBM WebSphere Application Server versions 8.0 before 8.0.0.8
IBM WebSphere Application Server versions 8.5 before 8.5.5.1
WAS Feature Pack for Web Services versions 6.1 before 6.1.0.47

Description

The WS-Security implementation in IBM WebSphere Application Server does not properly verify X.509 certificates when a trust store is configured for XML Digital Signatures. This allows remote attackers to obtain privileged access via unspecified vectors.

Recommendations

For IBM WebSphere Application Server version 6.1, update to version 6.1.0.47 or later.
For IBM WebSphere Application Server version 7.0, update to version 7.0.0.31 or later.
For IBM WebSphere Application Server version 8.0, update to version 8.0.0.8 or later.
For IBM WebSphere Application Server version 8.5, update to version 8.5.5.1 or later.
For WAS Feature Pack for Web Services version 6.1, update to version 6.1.0.47 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2013-4053

Affected Products

IBM WebSphere Application Server
WAS Feature Pack for Web Services