IBM WebSphere Application Server WS-Security Policy Unspecified Vulnerability Network Vulnerability

Summary

The host is running IBM WebSphere Application Server and is prone to unspecified vulnerability.

Impact

Unspecified impact and remote attack vectors. Impact Level: Application

Solution

Apply the fix pack 7.0.0.13 or later, http://www-01.ibm.com/support/docview.wss?uid=swg21443736 ***** NOTE: Please ignore this warning if the patch is applied. *****

Insight

The flaw is caused by an unspecified error when using a WS-Security enabled JAX-WS web service application while the WS-Security policy specifies 'IncludeTimestamp'.

Affected

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13

References

http://www-01.ibm.com/support/docview.wss?uid=swg24027708
http://www-01.ibm.com/support/docview.wss?uid=swg24027709
http://www.vupen.com/english/advisories/2010/2215

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3186
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

CoreHTTP 'src/http.c ' Buffer Overflow Vulnerability
Microsoft IIS ASP Stack Based Buffer Overflow Vulnerability
Zeus Web Server 'SSL2_CLIENT_HELLO' Remote Buffer Overflow Vulnerability
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities - March 2011
Null HTTPd Server Content-Length HTTP Header Buffer overflow Vulnerability

IBM WebSphere Application Server WS-Security Policy Unspecified vulnerability

Take action and discover your vulnerabilities