IBM WebSphere Application Server WS-Security Policy Unspecified Vulnerability Network Vulnerability

Summary

The host is running IBM WebSphere Application Server and is prone to unspecified vulnerability.

Impact

Unspecified impact and remote attack vectors. Impact Level: Application

Solution

Apply the fix pack 7.0.0.13 or later, http://www-01.ibm.com/support/docview.wss?uid=swg21443736 ***** NOTE: Please ignore this warning if the patch is applied. *****

Insight

The flaw is caused by an unspecified error when using a WS-Security enabled JAX-WS web service application while the WS-Security policy specifies 'IncludeTimestamp'.

Affected

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13

References

http://www-01.ibm.com/support/docview.wss?uid=swg24027708
http://www-01.ibm.com/support/docview.wss?uid=swg24027709
http://www.vupen.com/english/advisories/2010/2215

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3186

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

RDS / MDAC Vulnerability (msadcs.dll) located
Monkey HTTP Daemon Invalid HTTP 'Connection' Header Denial Of Service Vulnerability
nginx HTTP Request Remote Buffer Overflow Vulnerability
IIS Remote Command Execution
Microsoft IIS WebDAV Remote Authentication Bypass Vulnerability

IBM WebSphere Application Server WS-Security Policy Unspecified vulnerability

Take action and discover your vulnerabilities