INFORMATION

Name : CVE-2010-0563 First Publication : 2010-02-08
Severity : Medium Last Modification : 2010-02-09

SCORING CVSS v2

Cvss Base Score : 5 Attack Range : Network
Cvss Impact Score : 2.9 Attack Complexity : Low
Cvss Expoit Score : 10 Authentification : None Required

Calculate full CVSS 2.0 Vectors scores

DETAIL

The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.



CWE COMMON WEAKNESS ENUMERATION

CWE-200 - Information Exposure

CPE COMMON PLATFORM ENUMERATION


OPEN SOURCE VULNERABILTY DATABASE (OSVDB)

62140 : IBM WebSphere Application Server Single Sign-on Requires SSL Function Weakness.


SECONDARY(S) SOURCE(S)


Source : AIXAPAR
Url : http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610

Source : BID
Url : http://www.securityfocus.com/bid/38122

Source : CONFIRM
Url : http://www-01.ibm.com/support/docview.wss?uid=swg21417839

Source : OSVDB
Url : http://www.osvdb.org/62140

Source : SECTRACK
Url : http://securitytracker.com/id?1023551

Source : SECUNIA
Url : http://secunia.com/advisories/38425