CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-0891

The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.2%

CVSS Severity

CVSS v2 Score 5.5

References

Products affected by CVE-2009-0891

Ibm » Websphere Application Server » Version: 6.0.2

cpe:2.3:a:ibm:websphere_application_server:6.0.2
Ibm » Websphere Application Server » Version: 6.0.2.1

cpe:2.3:a:ibm:websphere_application_server:6.0.2.1
Ibm » Websphere Application Server » Version: 6.0.2.10

cpe:2.3:a:ibm:websphere_application_server:6.0.2.10
Ibm » Websphere Application Server » Version: 6.0.2.11

cpe:2.3:a:ibm:websphere_application_server:6.0.2.11
Ibm » Websphere Application Server » Version: 6.0.2.12

cpe:2.3:a:ibm:websphere_application_server:6.0.2.12
Ibm » Websphere Application Server » Version: 6.0.2.13

cpe:2.3:a:ibm:websphere_application_server:6.0.2.13
Ibm » Websphere Application Server » Version: 6.0.2.14

cpe:2.3:a:ibm:websphere_application_server:6.0.2.14
Ibm » Websphere Application Server » Version: 6.0.2.15

cpe:2.3:a:ibm:websphere_application_server:6.0.2.15
Ibm » Websphere Application Server » Version: 6.0.2.16

cpe:2.3:a:ibm:websphere_application_server:6.0.2.16
Ibm » Websphere Application Server » Version: 6.0.2.17

cpe:2.3:a:ibm:websphere_application_server:6.0.2.17
Ibm » Websphere Application Server » Version: 6.0.2.18

cpe:2.3:a:ibm:websphere_application_server:6.0.2.18
Ibm » Websphere Application Server » Version: 6.0.2.19

cpe:2.3:a:ibm:websphere_application_server:6.0.2.19
Ibm » Websphere Application Server » Version: 6.0.2.2

cpe:2.3:a:ibm:websphere_application_server:6.0.2.2
Ibm » Websphere Application Server » Version: 6.0.2.20

cpe:2.3:a:ibm:websphere_application_server:6.0.2.20
Ibm » Websphere Application Server » Version: 6.0.2.21

cpe:2.3:a:ibm:websphere_application_server:6.0.2.21
Ibm » Websphere Application Server » Version: 6.0.2.22

cpe:2.3:a:ibm:websphere_application_server:6.0.2.22
Ibm » Websphere Application Server » Version: 6.0.2.23

cpe:2.3:a:ibm:websphere_application_server:6.0.2.23
Ibm » Websphere Application Server » Version: 6.0.2.24

cpe:2.3:a:ibm:websphere_application_server:6.0.2.24
Ibm » Websphere Application Server » Version: 6.0.2.25

cpe:2.3:a:ibm:websphere_application_server:6.0.2.25
Ibm » Websphere Application Server » Version: 6.0.2.27

cpe:2.3:a:ibm:websphere_application_server:6.0.2.27
Ibm » Websphere Application Server » Version: 6.0.2.28

cpe:2.3:a:ibm:websphere_application_server:6.0.2.28
Ibm » Websphere Application Server » Version: 6.0.2.29

cpe:2.3:a:ibm:websphere_application_server:6.0.2.29
Ibm » Websphere Application Server » Version: 6.0.2.3

cpe:2.3:a:ibm:websphere_application_server:6.0.2.3
Ibm » Websphere Application Server » Version: 6.0.2.30

cpe:2.3:a:ibm:websphere_application_server:6.0.2.30
Ibm » Websphere Application Server » Version: 6.0.2.31

cpe:2.3:a:ibm:websphere_application_server:6.0.2.31
Ibm » Websphere Application Server » Version: 6.0.2.32

cpe:2.3:a:ibm:websphere_application_server:6.0.2.32
Ibm » Websphere Application Server » Version: 6.0.2.4

cpe:2.3:a:ibm:websphere_application_server:6.0.2.4
Ibm » Websphere Application Server » Version: 6.0.2.5

cpe:2.3:a:ibm:websphere_application_server:6.0.2.5
Ibm » Websphere Application Server » Version: 6.0.2.6

cpe:2.3:a:ibm:websphere_application_server:6.0.2.6
Ibm » Websphere Application Server » Version: 6.0.2.7

cpe:2.3:a:ibm:websphere_application_server:6.0.2.7
Ibm » Websphere Application Server » Version: 6.0.2.8

cpe:2.3:a:ibm:websphere_application_server:6.0.2.8
Ibm » Websphere Application Server » Version: 6.0.2.9

cpe:2.3:a:ibm:websphere_application_server:6.0.2.9
Ibm » Websphere Application Server » Version: 6.1

cpe:2.3:a:ibm:websphere_application_server:6.1
Ibm » Websphere Application Server » Version: 6.1.0

cpe:2.3:a:ibm:websphere_application_server:6.1.0
Ibm » Websphere Application Server » Version: 6.1.0.0

cpe:2.3:a:ibm:websphere_application_server:6.1.0.0
Ibm » Websphere Application Server » Version: 6.1.0.1

cpe:2.3:a:ibm:websphere_application_server:6.1.0.1
Ibm » Websphere Application Server » Version: 6.1.0.10

cpe:2.3:a:ibm:websphere_application_server:6.1.0.10
Ibm » Websphere Application Server » Version: 6.1.0.11

cpe:2.3:a:ibm:websphere_application_server:6.1.0.11
Ibm » Websphere Application Server » Version: 6.1.0.12

cpe:2.3:a:ibm:websphere_application_server:6.1.0.12
Ibm » Websphere Application Server » Version: 6.1.0.13

cpe:2.3:a:ibm:websphere_application_server:6.1.0.13
Ibm » Websphere Application Server » Version: 6.1.0.14

cpe:2.3:a:ibm:websphere_application_server:6.1.0.14
Ibm » Websphere Application Server » Version: 6.1.0.15

cpe:2.3:a:ibm:websphere_application_server:6.1.0.15
Ibm » Websphere Application Server » Version: 6.1.0.16

cpe:2.3:a:ibm:websphere_application_server:6.1.0.16
Ibm » Websphere Application Server » Version: 6.1.0.17

cpe:2.3:a:ibm:websphere_application_server:6.1.0.17
Ibm » Websphere Application Server » Version: 6.1.0.18

cpe:2.3:a:ibm:websphere_application_server:6.1.0.18
Ibm » Websphere Application Server » Version: 6.1.0.19

cpe:2.3:a:ibm:websphere_application_server:6.1.0.19
Ibm » Websphere Application Server » Version: 6.1.0.2

cpe:2.3:a:ibm:websphere_application_server:6.1.0.2
Ibm » Websphere Application Server » Version: 6.1.0.20

cpe:2.3:a:ibm:websphere_application_server:6.1.0.20
Ibm » Websphere Application Server » Version: 6.1.0.21

cpe:2.3:a:ibm:websphere_application_server:6.1.0.21
Ibm » Websphere Application Server » Version: 6.1.0.22

cpe:2.3:a:ibm:websphere_application_server:6.1.0.22
Ibm » Websphere Application Server » Version: 6.1.0.3

cpe:2.3:a:ibm:websphere_application_server:6.1.0.3
Ibm » Websphere Application Server » Version: 6.1.0.4

cpe:2.3:a:ibm:websphere_application_server:6.1.0.4
Ibm » Websphere Application Server » Version: 6.1.0.5

cpe:2.3:a:ibm:websphere_application_server:6.1.0.5
Ibm » Websphere Application Server » Version: 6.1.0.6

cpe:2.3:a:ibm:websphere_application_server:6.1.0.6
Ibm » Websphere Application Server » Version: 6.1.0.7

cpe:2.3:a:ibm:websphere_application_server:6.1.0.7
Ibm » Websphere Application Server » Version: 6.1.0.8

cpe:2.3:a:ibm:websphere_application_server:6.1.0.8
Ibm » Websphere Application Server » Version: 6.1.0.9

cpe:2.3:a:ibm:websphere_application_server:6.1.0.9
Ibm » Websphere Application Server » Version: 7.0

cpe:2.3:a:ibm:websphere_application_server:7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-0891

Products

Pricing

Contact Us