CVE-2010-0563: Infoleak
First published: Mon Feb 08 2010(Updated: )
The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-0563?
CVE-2010-0563 is considered to have a high severity due to the potential exposure of sensitive information through unencrypted network sessions.
How do I fix CVE-2010-0563?
To fix CVE-2010-0563, ensure that SSL is properly configured and enforced on the IBM WebSphere Application Server.
What versions of IBM WebSphere Application Server are affected by CVE-2010-0563?
CVE-2010-0563 affects versions 7.0.0.1 through 7.0.0.8 of IBM WebSphere Application Server.
What vulnerability does CVE-2010-0563 exploit?
CVE-2010-0563 exploits the lack of recognition of the Requires SSL configuration in the SSO functionality of IBM WebSphere Application Server.
What are the potential consequences of CVE-2010-0563?
The potential consequences of CVE-2010-0563 include remote attackers being able to sniff and capture sensitive information transmitted over the network.
- agent/references
- agent/type
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ibm
- canonical/ibm websphere application server feature pack for web services
- version/ibm websphere application server feature pack for web services/7.0
- version/ibm websphere application server feature pack for web services/7.0.0.1
- version/ibm websphere application server feature pack for web services/7.0.0.3
- version/ibm websphere application server feature pack for web services/7.0.0.5
- version/ibm websphere application server feature pack for web services/7.0.0.7
- version/ibm websphere application server feature pack for web services/7.0.0.8