Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2009-0891

The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.

  • Published: Mar 25, 2009
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-0891
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
ibm / websphere_application_server 6.1.0.21 6.1.0.21.x
ibm / websphere_application_server 6.0.2.10 6.0.2.10.x
ibm / websphere_application_server 6.1 6.1.x
ibm / websphere_application_server 6.1.0.22 6.1.0.22.x
ibm / websphere_application_server 6.1.0.19 6.1.0.19.x
ibm / websphere_application_server 6.0.2.1 6.0.2.1.x
ibm / websphere_application_server 6.0.2.5 6.0.2.5.x
ibm / websphere_application_server 6.1.0.2 6.1.0.2.x
ibm / websphere_application_server 6.1.0.4 6.1.0.4.x
ibm / websphere_application_server 6.0.2.20 6.0.2.20.x
ibm / websphere_application_server 6.0.2.13 6.0.2.13.x
ibm / websphere_application_server 6.1.0.11 6.1.0.11.x
ibm / websphere_application_server 6.0.2.9 6.0.2.9.x
ibm / websphere_application_server 7.0 7.0.x
ibm / websphere_application_server 6.0.2.28 6.0.2.28.x
ibm / websphere_application_server 6.1.0.14 6.1.0.14.x
ibm / websphere_application_server 6.0.2.11 6.0.2.11.x
ibm / websphere_application_server 6.0.2.6 6.0.2.6.x
ibm / websphere_application_server 6.1.0.20 6.1.0.20.x
ibm / websphere_application_server 6.0.2.2 6.0.2.2.x
ibm / websphere_application_server 6.0.2 6.0.2.x
ibm / websphere_application_server 6.0.2.24 6.0.2.24.x
ibm / websphere_application_server 6.0.2.21 6.0.2.21.x
ibm / websphere_application_server 6.0.2.15 6.0.2.15.x
ibm / websphere_application_server 6.0.2.4 6.0.2.4.x
ibm / websphere_application_server 6.0.2.32 6.0.2.32.x
ibm / websphere_application_server 6.0.2.17 6.0.2.17.x
ibm / websphere_application_server 6.1.0.9 6.1.0.9.x
ibm / websphere_application_server 6.0.2.30 6.0.2.30.x
ibm / websphere_application_server 6.1.0.0 6.1.0.0.x
ibm / websphere_application_server 6.1.0.1 6.1.0.1.x
ibm / websphere_application_server 6.0.2.29 6.0.2.29.x
ibm / websphere_application_server 6.0.2.23 6.0.2.23.x
ibm / websphere_application_server 6.0.2.18 6.0.2.18.x
ibm / websphere_application_server 6.0.2.16 6.0.2.16.x
ibm / websphere_application_server 6.0.2.7 6.0.2.7.x
ibm / websphere_application_server 6.1.0.7 6.1.0.7.x
ibm / websphere_application_server 6.0.2.27 6.0.2.27.x
ibm / websphere_application_server 6.0.2.12 6.0.2.12.x
ibm / websphere_application_server 6.1.0.3 6.1.0.3.x
ibm / websphere_application_server 6.1.0.17 6.1.0.17.x
ibm / websphere_application_server 6.1.0.13 6.1.0.13.x
ibm / websphere_application_server 6.1.0.16 6.1.0.16.x
ibm / websphere_application_server 6.1.0.6 6.1.0.6.x
ibm / websphere_application_server 6.0.2.22 6.0.2.22.x
ibm / websphere_application_server 6.1.0.10 6.1.0.10.x
ibm / websphere_application_server 6.1.0.8 6.1.0.8.x
ibm / websphere_application_server 6.1.0.15 6.1.0.15.x
ibm / websphere_application_server 6.0.2.3 6.0.2.3.x
ibm / websphere_application_server 6.1.0.18 6.1.0.18.x
ibm / websphere_application_server 6.0.2.19 6.0.2.19.x
ibm / websphere_application_server 6.0.2.25 6.0.2.25.x
ibm / websphere_application_server 6.1.0 6.1.0.x
ibm / websphere_application_server 6.0.2.8 6.0.2.8.x
ibm / websphere_application_server 6.0.2.14 6.0.2.14.x
ibm / websphere_application_server 6.1.0.5 6.1.0.5.x
ibm / websphere_application_server 6.1.0.12 6.1.0.12.x
ibm / websphere_application_server 6.0.2.31 6.0.2.31.x