CVE-2009-1174 — Improper Check for Unusual or Exceptional Conditions in IBM Websphere Application Server

CWE-310 CWE-754 — Improper Check for Unusual or Exceptional Conditions6 documents6 sources

Severity

10.0CRITICALNVD

EPSS

1.2%

top 21.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel IBM Websphere Application Server

Timeline

PublishedMar 31

Latest updateDec 30

Description

The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDibm/websphere_application_server7.0, 7.0.0.1+1

▶Linuxlinux/linux_kernel5.7.0 — 6.0.19+1

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

OSV

vhost_vdpa: fix the crash in unmap a large memory↗2025-12-30

▶

GHSA

GHSA-f454-gp59-g2j5: The Web Services Security component in IBM WebSphere Application Server (WAS) 6↗2022-05-02

▶

CVEList

CVE-2009-1174: The Web Services Security component in IBM WebSphere Application Server (WAS) 6↗2009-03-31

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel (vhost_vdpa): Denial of service via large memory unmap↗2025-12-30

▶