ID

VAR-201002-0160


CVE

CVE-2010-0563


TITLE

Vulnerability in the Single Sign-on function of IBM WebSphere Application Server that allows capture of important information

Trust: 0.8

sources: JVNDB: JVNDB-2010-001085

DESCRIPTION

The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted. Based on the Java and Servlet engines, the IBM WebSphere Application Server supports a variety of HTTP services to help users with everything from development and release to maintaining interactive, dynamic websites. IBM WebSphere Application Server (WAS) is prone to a security-bypass vulnerability. Successful exploits may allow attackers to bypass certain security restrictions, which may lead to other attacks. This issue affects WAS 7.0 through 7.0.0.8.

Trust: 2.43

sources: NVD: CVE-2010-0563 // JVNDB: JVNDB-2010-001085 // CNVD: CNVD-2010-0217 // BID: 38122

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-0217

AFFECTED PRODUCTS

vendor: ibm, model: websphere application server, scope: eq, version: 7.0.0.7

Trust: 1.9

vendor: ibm, model: websphere application server, scope: eq, version: 7.0.0.1

Trust: 1.9

vendor: ibm, model: websphere application server, scope: eq, version: 7.0

Trust: 1.9

vendor: ibm, model: websphere application server, scope: eq, version: 7.0.0.5

Trust: 1.9

vendor: ibm, model: websphere application server, scope: eq, version: 7.0.0.3

Trust: 1.6

vendor: ibm, model: websphere application server, scope: eq, version: 7.0.0.8

Trust: 1.6

vendor: ibm, model: websphere application server, scope: eq, version: 7.0.0.0 to 7.0.0.8

Trust: 0.8

vendor: ibm, model: websphere application server, scope: eq, version: 7.0.0.0-7.0.0.8

Trust: 0.6

vendor: ibm, model: websphere application server, scope: eq, version: 7.03

Trust: 0.3

vendor: ibm, model: websphere application server, scope: eq, version: 7.0.8

Trust: 0.3

sources: NVD: CVE-2010-0563 // CNNVD: CNNVD-201002-068 // CNVD: CNVD-2010-0217 // JVNDB: JVNDB-2010-001085 // BID: 38122

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2010-0563
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201002-068
value: MEDIUM

Trust: 0.6

NVD: CVE-2010-0563
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.8

sources: NVD: CVE-2010-0563 // CNNVD: CNNVD-201002-068 // JVNDB: JVNDB-2010-001085

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.8

sources: NVD: CVE-2010-0563 // JVNDB: JVNDB-2010-001085

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201002-068

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201002-068

CONFIGURATIONS

sources: NVD: CVE-2010-0563

PATCH

title: 1417839, url: http://www-01.ibm.com/support/docview.wss?uid=swg21417839

Trust: 0.8

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for ibm i, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2938

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2942

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2946

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2950

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2954

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2958

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2962

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2966

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2970

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for ibm i, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2937

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2941

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2945

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2949

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2953

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2957

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2961

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2965

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2969

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for ibm i, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2936

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2940

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2944

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2948

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2952

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2956

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2960

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2964

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2968

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for ibm i, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2935

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2939

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2943

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2947

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2951

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2955

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2959

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2963

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2967

Trust: 0.6

title: 7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=2971

Trust: 0.6

title: IBM WebSphere Application Server Requires SSL option bypasses security-restricted vulnerability patches, url: https://www.cnvd.org.cn/patchinfo/show/2381

Trust: 0.6

sources: CNNVD: CNNVD-201002-068 // CNVD: CNVD-2010-0217 // JVNDB: JVNDB-2010-001085

EXTERNAL IDS

db: NVD, id: CVE-2010-0563

Trust: 3.3

db: SECUNIA, id: 38425

Trust: 3.0

db: BID, id: 38122

Trust: 2.7

db: OSVDB, id: 62140

Trust: 2.4

db: SECTRACK, id: 1023551

Trust: 1.4

db: VUPEN, id: ADV-2010-0316

Trust: 0.8

db: JVNDB, id: JVNDB-2010-001085

Trust: 0.8

db: NSFOCUS, id: 14472

Trust: 0.6

db: AIXAPAR, id: PM00610

Trust: 0.6

db: CNNVD, id: CNNVD-201002-068

Trust: 0.6

db: CNVD, id: CNVD-2010-0217

Trust: 0.6

sources: NVD: CVE-2010-0563 // CNNVD: CNNVD-201002-068 // CNVD: CNVD-2010-0217 // JVNDB: JVNDB-2010-001085 // BID: 38122

REFERENCES

url: http://securitytracker.com/id?1023551

Trust: 2.4

url: http://www.securityfocus.com/bid/38122

Trust: 2.4

url: http://www-01.ibm.com/support/docview.wss?uid=swg21417839

Trust: 1.9

url: http://secunia.com/advisories/38425

Trust: 1.6

url: http://www-1.ibm.com/support/docview.wss?uid=swg1pm00610

Trust: 1.6

url: http://www.osvdb.org/62140

Trust: 1.6

url: http://secunia.com/advisories/38425/

Trust: 1.4

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0563

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0563

Trust: 0.8

url: http://osvdb.org/62140

Trust: 0.8

url: http://www.vupen.com/english/advisories/2010/0316

Trust: 0.8

url: http://www.nsfocus.net/vulndb/14472

Trust: 0.6

url: http://www-01.ibm.com/software/websphere/

Trust: 0.3

sources: NVD: CVE-2010-0563 // CNNVD: CNNVD-201002-068 // CNVD: CNVD-2010-0217 // JVNDB: JVNDB-2010-001085 // BID: 38122

CREDITS

IBM ncsupp@ca.ibm.com

Trust: 0.6

sources: CNNVD: CNNVD-201002-068

SOURCES

db: NVD, id: CVE-2010-0563
db: CNNVD, id: CNNVD-201002-068
db: CNVD, id: CNVD-2010-0217
db: JVNDB, id: JVNDB-2010-001085
db: BID, id: 38122

LAST UPDATE DATE

2021-12-17T09:07:09.869000+00:00


SOURCES UPDATE DATE

db: NVD, id: CVE-2010-0563, date: 2010-11-03T04:00:00
db: CNNVD, id: CNNVD-201002-068, date: 2010-02-09T00:00:00
db: CNVD, id: CNVD-2010-0217, date: 2010-02-08T00:00:00
db: JVNDB, id: JVNDB-2010-001085, date: 2010-02-25T00:00:00
db: BID, id: 38122, date: 2015-04-13T21:02:00

SOURCES RELEASE DATE

db: NVD, id: CVE-2010-0563, date: 2010-02-08T21:30:00
db: CNNVD, id: CNNVD-201002-068, date: 2010-02-08T00:00:00
db: CNVD, id: CNVD-2010-0217, date: 2010-02-08T00:00:00
db: JVNDB, id: JVNDB-2010-001085, date: 2010-02-25T00:00:00
db: BID, id: 38122, date: 2010-02-05T00:00:00