Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2009-0903

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application.

  • Published: Jun 25, 2009
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-0903
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
ibm / websphere_application_server 6.1.0.21 6.1.0.21.x
ibm / websphere_application_server 6.1 6.1.x
ibm / websphere_application_server 6.1.0.22 6.1.0.22.x
ibm / websphere_application_server 6.1.0.19 6.1.0.19.x
ibm / websphere_application_server 6.1.0.2 6.1.0.2.x
ibm / websphere_application_server 6.1.0.4 6.1.0.4.x
ibm / websphere_application_server 6.1.0.11 6.1.0.11.x
ibm / websphere_application_server 7.0 7.0.x
ibm / websphere_application_server 6.1.0.14 6.1.0.14.x
ibm / websphere_application_server 6.1.0.20 6.1.0.20.x
ibm / websphere_application_server 6.1.0.9 6.1.0.9.x
ibm / websphere_application_server 6.1.0.24 6.1.0.24.x
ibm / websphere_application_server 6.1.0.0 6.1.0.0.x
ibm / websphere_application_server 6.1.0.1 6.1.0.1.x
ibm / websphere_application_server 6.1.0.7 6.1.0.7.x
ibm / websphere_application_server 6.1.0.3 6.1.0.3.x
ibm / websphere_application_server 6.1.0.17 6.1.0.17.x
ibm / websphere_application_server 6.1.0.13 6.1.0.13.x
ibm / websphere_application_server 6.1.0.16 6.1.0.16.x
ibm / websphere_application_server 6.1.0.6 6.1.0.6.x
ibm / websphere_application_server 6.1.0.10 6.1.0.10.x
ibm / websphere_application_server 6.1.0.8 6.1.0.8.x
ibm / websphere_application_server 6.1.0.15 6.1.0.15.x
ibm / websphere_application_server 6.1.0.18 6.1.0.18.x
ibm / websphere_application_server 6.1.0.23 6.1.0.23.x
ibm / websphere_application_server 7.0.0.1 7.0.0.1.x
ibm / websphere_application_server 6.1.0 6.1.0.x
ibm / websphere_application_server 6.1.0.5 6.1.0.5.x
ibm / websphere_application_server 6.1.0.12 6.1.0.12.x