[SingCERT] IBM WebSphere Application Server ‘Requires SSL’ Option Security Bypass Vulnerability

Main Menu

Mailing List

[SingCERT] IBM WebSphere Application Server ‘Requires SSL’ Option Security Bypass Vulnerability

Last Updated on Monday, 08 February 2010 11:54

Attention: open in a new window.

[ Summary ]

IBM WebSphere Application Server (WAS) is prone to a security-bypass vulnerability because it fails to properly detect the 'Requires SSL' option for Single Sign-on (SSO).

[ Impact Analysis ]

Successful exploits may allow attackers to bypass certain security restrictions, which may lead to other attacks.

[ Solution/Workaround ]

The vendor has released updates. Please see the references for details.

[ Reference ]

http://www-01.ibm.com/support/docview.wss?uid=swg21417839

Normal 0 false false false EN-SG X-NONE X-NONE

IBM Websphere Application Server 7.0

IBM Websphere Application Server 7.0.0 .8 IBM Websphere Application Server 7.0.0 1 IBM Websphere Application Server 7.0.0 3 IBM Websphere Application Server 7.0.0 5 IBM Websphere Application Server 7.0.0 7

< Prev		Next >

Search, View and Navigation

Main Menu

Mailing List

Archive

[SingCERT] IBM WebSphere Application Server ‘Requires SSL’ Option Security Bypass Vulnerability

Additional Information

Symantec Security Alerts