Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2009-2088

The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," related to a certain invokefilterscompatibility property.

  • Published: Aug 13, 2009
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-2088
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
ibm / websphere_application_server 6.1.0.21 6.1.0.21.x
ibm / websphere_application_server 6.1 6.1.x
ibm / websphere_application_server 6.1.0.22 6.1.0.22.x
ibm / websphere_application_server 6.1.0.19 6.1.0.19.x
ibm / websphere_application_server 6.1.0.2 6.1.0.2.x
ibm / websphere_application_server 6.1.0.4 6.1.0.4.x
ibm / websphere_application_server 7.0.0.4 7.0.0.4.x
ibm / websphere_application_server 6.1.0.11 6.1.0.11.x
ibm / websphere_application_server 7.0 7.0.x
ibm / websphere_application_server 6.1.0.14 6.1.0.14.x
ibm / websphere_application_server 6.1.0.20 6.1.0.20.x
ibm / websphere_application_server 6.1.0.9 6.1.0.9.x
ibm / websphere_application_server 6.1.0.24 6.1.0.24.x
ibm / websphere_application_server 6.1.0.0 6.1.0.0.x
ibm / websphere_application_server 6.1.0.1 6.1.0.1.x
ibm / websphere_application_server 6.1.0.7 6.1.0.7.x
ibm / websphere_application_server 6.1.0.3 6.1.0.3.x
ibm / websphere_application_server 6.1.0.17 6.1.0.17.x
ibm / websphere_application_server 6.1.0.13 6.1.0.13.x
ibm / websphere_application_server 6.1.0.16 6.1.0.16.x
ibm / websphere_application_server 6.1.0.6 6.1.0.6.x
ibm / websphere_application_server 6.1.0.10 6.1.0.10.x
ibm / websphere_application_server 6.1.0.8 6.1.0.8.x
ibm / websphere_application_server 6.1.0.15 6.1.0.15.x
ibm / websphere_application_server 7.0.0.3 7.0.0.3.x
ibm / websphere_application_server 6.1.0.18 6.1.0.18.x
ibm / websphere_application_server 6.1.0.23 6.1.0.23.x
ibm / websphere_application_server 7.0.0.1 7.0.0.1.x
ibm / websphere_application_server 6.1.0 6.1.0.x
ibm / websphere_application_server 6.1.0.5 6.1.0.5.x
ibm / websphere_application_server 6.1.0.12 6.1.0.12.x