NVD

Id
48205  
Name
CVE-2009-0891  
Description
The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.  
Reject
 
CVSS Version
2  
CVSS Score
5.5  
Severity
Medium  
CVSS Base Score
5.5  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:N)  
Pub Date
2017-01-07  
Published
2009-03-24  
Modified Date
2014-10-24  
Seq
2009-0891  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
242266 48205 CVE-2009-0891 http://www-01.ibm.com/support/docview.wss?uid=swg27006876  View
242267 48205 CVE-2009-0891 http://www-01.ibm.com/support/docview.wss?uid=swg27007951  View
242268 48205 CVE-2009-0891 http://www-01.ibm.com/support/docview.wss?uid=swg27014463  View
242269 48205 CVE-2009-0891 PK66676  View
242270 48205 CVE-2009-0891 websphere-ws-security-session-hijacking(49391)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
40148 JVNDB-2009-001154 IBM WebSphere Application Server の Web Services Security コンポーネントにおけるセッションハイジャックの脆弱性 IBM WebSphere Application Server の Web Services Security コンポーネントには、nonce および timestamp 有効期限の値を正しく処理できないため、セッションハイジャック攻撃をされる脆弱性が存在します。 CVE-2009-0891 38322 CVE-2009-0891 48205 5.5 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001154.html 2009-03-25 2009-04-20 View