CVE-2011-1209

Опубликовано: 04 мая 2011

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack."

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.22:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.24:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.25:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.27:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.29:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.31:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.32:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.33:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.35:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.37:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.13:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.14:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00126

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

GHSA-c833-h92x-3p97

github

больше 3 лет назад