CVE-2011-1377

critical

Description

The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/72299

http://www.securityfocus.com/bid/50310

http://www-01.ibm.com/support/docview.wss?uid=swg27011716

http://www-01.ibm.com/support/docview.wss?uid=swg1PM50205

http://www-01.ibm.com/support/docview.wss?uid=swg1PM43792

http://secunia.com/advisories/46469

Details

Source: Mitre, NVD

Published: 2012-01-15

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical