Описание
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors.
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-3186
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61435
- http://osvdb.org/67570
- http://secunia.com/advisories/41173
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM08360
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM16014
- http://www-01.ibm.com/support/docview.wss?uid=swg21443736
- http://www-01.ibm.com/support/docview.wss?uid=swg24027708
- http://www-01.ibm.com/support/docview.wss?uid=swg24027709
- http://www.vupen.com/english/advisories/2010/2215
Связанные уязвимости
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors.