CVE-2009-0891 : Detail

CVE-2009-0891

Authorization problems
A07-Identif. and Authent. Fail
0.15%V3
Network
2009-03-25
00h00 +00:00
2017-08-16
12h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Metrics

Metrics Score Severity CVSS Vector Source
V2 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Products Mentioned

Configuraton 0

Ibm>>Websphere_application_server >> Version 6.0.2

Ibm>>Websphere_application_server >> Version 6.0.2

    Ibm>>Websphere_application_server >> Version 6.0.2.1

    Ibm>>Websphere_application_server >> Version 6.0.2.2

    Ibm>>Websphere_application_server >> Version 6.0.2.3

    Ibm>>Websphere_application_server >> Version 6.0.2.4

    Ibm>>Websphere_application_server >> Version 6.0.2.5

    Ibm>>Websphere_application_server >> Version 6.0.2.6

    Ibm>>Websphere_application_server >> Version 6.0.2.7

    Ibm>>Websphere_application_server >> Version 6.0.2.8

    Ibm>>Websphere_application_server >> Version 6.0.2.9

    Ibm>>Websphere_application_server >> Version 6.0.2.10

      Ibm>>Websphere_application_server >> Version 6.0.2.11

      Ibm>>Websphere_application_server >> Version 6.0.2.12

        Ibm>>Websphere_application_server >> Version 6.0.2.13

        Ibm>>Websphere_application_server >> Version 6.0.2.14

          Ibm>>Websphere_application_server >> Version 6.0.2.15

          Ibm>>Websphere_application_server >> Version 6.0.2.16

            Ibm>>Websphere_application_server >> Version 6.0.2.17

            Ibm>>Websphere_application_server >> Version 6.0.2.18

              Ibm>>Websphere_application_server >> Version 6.0.2.19

              Ibm>>Websphere_application_server >> Version 6.0.2.20

                Ibm>>Websphere_application_server >> Version 6.0.2.21

                  Ibm>>Websphere_application_server >> Version 6.0.2.22

                  Ibm>>Websphere_application_server >> Version 6.0.2.23

                  Ibm>>Websphere_application_server >> Version 6.0.2.24

                  Ibm>>Websphere_application_server >> Version 6.0.2.25

                  Ibm>>Websphere_application_server >> Version 6.0.2.27

                  Ibm>>Websphere_application_server >> Version 6.0.2.28

                  Ibm>>Websphere_application_server >> Version 6.0.2.29

                  Ibm>>Websphere_application_server >> Version 6.0.2.30

                  Ibm>>Websphere_application_server >> Version 6.0.2.31

                  Ibm>>Websphere_application_server >> Version 6.0.2.32

                  Ibm>>Websphere_application_server >> Version 6.1

                  Ibm>>Websphere_application_server >> Version 6.1.0

                  Ibm>>Websphere_application_server >> Version 6.1.0.0

                  Ibm>>Websphere_application_server >> Version 6.1.0.1

                  Ibm>>Websphere_application_server >> Version 6.1.0.2

                  Ibm>>Websphere_application_server >> Version 6.1.0.3

                  Ibm>>Websphere_application_server >> Version 6.1.0.4

                    Ibm>>Websphere_application_server >> Version 6.1.0.5

                    Ibm>>Websphere_application_server >> Version 6.1.0.6

                      Ibm>>Websphere_application_server >> Version 6.1.0.7

                      Ibm>>Websphere_application_server >> Version 6.1.0.8

                        Ibm>>Websphere_application_server >> Version 6.1.0.9

                        Ibm>>Websphere_application_server >> Version 6.1.0.10

                          Ibm>>Websphere_application_server >> Version 6.1.0.11

                          Ibm>>Websphere_application_server >> Version 6.1.0.12

                          Ibm>>Websphere_application_server >> Version 6.1.0.13

                          Ibm>>Websphere_application_server >> Version 6.1.0.14

                          Ibm>>Websphere_application_server >> Version 6.1.0.15

                          Ibm>>Websphere_application_server >> Version 6.1.0.16

                            Ibm>>Websphere_application_server >> Version 6.1.0.17

                            Ibm>>Websphere_application_server >> Version 6.1.0.18

                              Ibm>>Websphere_application_server >> Version 6.1.0.19

                              Ibm>>Websphere_application_server >> Version 6.1.0.20

                                Ibm>>Websphere_application_server >> Version 6.1.0.21

                                Ibm>>Websphere_application_server >> Version 6.1.0.22

                                  Ibm>>Websphere_application_server >> Version 7.0

                                  References

                                  http://secunia.com/advisories/34131
                                  Tags : third-party-advisory, x_refsource_SECUNIA