CVE-2010-0774: IBM WebSphere Application Server vulnerability

CWE-264 | 5 documents | 5 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 65.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 17; latest update May 2

Description

The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA: GHSA-q7rh-6wjh-vj6q: The (1) JAX-RPC WS-Security 1 (2022-05-02)
CVEList: CVE-2010-0774: The (1) JAX-RPC WS-Security 1 (2010-05-17)

💥 Exploits & PoCs (1)

Exploit-DB: Apache Tomcat mod_jk 1.2.20 - Remote Buffer Overflow (Metasploit) (2010-07-25)

💬 Community (1)

Bugzilla: CVE-2009-5005 qpid: crash on receipt of invalid AMQP data (2010-10-12)