CVE-2009-2088
First published: Thu Aug 13 2009(Updated: )
The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," related to a certain invokefilterscompatibility property.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.8 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.10 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.12 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.14 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.16 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.18 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.19 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.20 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.21 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.22 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.23 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.24 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-2088?
CVE-2009-2088 is considered a high severity vulnerability due to its potential to allow remote attackers to bypass authentication.
How do I fix CVE-2009-2088?
To fix CVE-2009-2088, you should upgrade IBM WebSphere Application Server to version 6.1.0.25 or later for 6.1, and 7.0.0.5 or later for 7.0.
What are the affected versions of IBM WebSphere Application Server for CVE-2009-2088?
CVE-2009-2088 affects IBM WebSphere Application Server versions 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5.
What component is vulnerable in CVE-2009-2088?
The vulnerable component in CVE-2009-2088 is the Servlet Engine/Web Container of IBM WebSphere Application Server.
Can CVE-2009-2088 be exploited remotely?
Yes, CVE-2009-2088 can be exploited remotely, allowing attackers to bypass authentication safeguards.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ibm
- canonical/ibm websphere application server feature pack for web services
- version/ibm websphere application server feature pack for web services/6.1
- version/ibm websphere application server feature pack for web services/6.1.0
- version/ibm websphere application server feature pack for web services/6.1.0.0
- version/ibm websphere application server feature pack for web services/6.1.0.1
- version/ibm websphere application server feature pack for web services/6.1.0.2
- version/ibm websphere application server feature pack for web services/6.1.0.3
- version/ibm websphere application server feature pack for web services/6.1.0.4
- version/ibm websphere application server feature pack for web services/6.1.0.5
- version/ibm websphere application server feature pack for web services/6.1.0.6
- version/ibm websphere application server feature pack for web services/6.1.0.7
- version/ibm websphere application server feature pack for web services/6.1.0.8
- version/ibm websphere application server feature pack for web services/6.1.0.9
- version/ibm websphere application server feature pack for web services/6.1.0.10
- version/ibm websphere application server feature pack for web services/6.1.0.11
- version/ibm websphere application server feature pack for web services/6.1.0.12
- version/ibm websphere application server feature pack for web services/6.1.0.13
- version/ibm websphere application server feature pack for web services/6.1.0.14
- version/ibm websphere application server feature pack for web services/6.1.0.15
- version/ibm websphere application server feature pack for web services/6.1.0.16
- version/ibm websphere application server feature pack for web services/6.1.0.17
- version/ibm websphere application server feature pack for web services/6.1.0.18
- version/ibm websphere application server feature pack for web services/6.1.0.19
- version/ibm websphere application server feature pack for web services/6.1.0.20
- version/ibm websphere application server feature pack for web services/6.1.0.21
- version/ibm websphere application server feature pack for web services/6.1.0.22
- version/ibm websphere application server feature pack for web services/6.1.0.23
- version/ibm websphere application server feature pack for web services/6.1.0.24
- version/ibm websphere application server feature pack for web services/7.0
- version/ibm websphere application server feature pack for web services/7.0.0.1
- version/ibm websphere application server feature pack for web services/7.0.0.3
- version/ibm websphere application server feature pack for web services/7.0.0.4