Vulnerability Details CVE-2010-0563
The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/38425
- http://securitytracker.com/id?1023551
- http://www-01.ibm.com/support/docview.wss?uid=swg21417839
- http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610
- http://www.osvdb.org/62140
- http://www.securityfocus.com/bid/38122
- http://secunia.com/advisories/38425
- http://securitytracker.com/id?1023551
- http://www-01.ibm.com/support/docview.wss?uid=swg21417839
- http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610
- http://www.osvdb.org/62140
- http://www.securityfocus.com/bid/38122
Products affected by CVE-2010-0563
-
cpe:2.3:a:ibm:websphere_application_server:7.0
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.1
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.3
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.5
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.7
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.8