76563 : IBM WebSphere Application Server for z/OS JAX-WS Applications WS-Security Policy Unspecified Issue
Printer | http://osvdb.org/76563 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
4	632	over 1 year ago	20 days ago	12 times	65%

Timeline

Disclosure Date
2011-10-19

Description

<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1377" target="_blank">CVE</a>)</em> : The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors.

Classification

Location: Remote / Network Access
Attack Type: Attack Type Unknown
Impact: Impact Unknown
Solution: Patch / RCS, Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 6.1.0.41 or higher when it is made available, as it has been reported to fix this vulnerability. In addition, IBM has released a patch for some older versions.

Products

IBM Corporation

Tivoli Storage Productivity Center

5.1.0

References

Security Tracker: 1027486
CVE ID: 2011-1377 (see also: NVD)
Secunia Advisory ID: 46469 49793 50416 51043 52947 53255
Bugtraq ID: 50310
ISS X-Force ID: 72299
Related OSVDB ID: 76564
Other Advisory URL: http://www-01.ibm.com/support/docview.wss?uid=swg1PM43792 [ Link is 404 ]
Vendor Specific News/Changelog Entry: http://www-01.ibm.com/support/docview.wss?uid=swg1PM50205
http://www-01.ibm.com/support/docview.wss?uid=swg21635958
http://www-01.ibm.com/support/docview.wss?uid=swg27011716
http://www.ibm.com/support/docview.wss?uid=swg21587536
http://www.ibm.com/support/docview.wss?uid=swg21612744
http://www.ibm.com/support/docview.wss?uid=swg24032885
http://www.ibm.com/support/docview.wss?uid=swg24033364
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_tivoli_storage_productivity_center_5_1_0_clients_affected_by_vulnerabilities_in_websphere_application_server_cve_2011_1377

Credit

Unknown or Incomplete

CVSSv2 Score

CVSSv2 Base Score = 10.0
Source: nvd.nist.gov | Generated: 2012-01-16 | Disagree?

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.