IBM WebSphere Application Server Username Token Option Session Hijacking Vulnerability

Bugtraq ID: 34330
Class: Design Error
CVE: CVE-2009-0891
Remote: Yes
Local: No
Published: Mar 24 2009 12:00AM
Updated: Apr 01 2009 06:26PM
Credit: IBM
Vulnerable: IBM Websphere Application Server 6.1.2
IBM Websphere Application Server 6.1 .9
IBM Websphere Application Server 6.1 .9
IBM Websphere Application Server 6.1 .8
IBM Websphere Application Server 6.1 .7
IBM Websphere Application Server 6.1 .6
IBM Websphere Application Server 6.1 .5
IBM Websphere Application Server 6.1 .4
IBM Websphere Application Server 6.1 .3
IBM Websphere Application Server 6.1 .22
IBM Websphere Application Server 6.1 .21
IBM Websphere Application Server 6.1 .20
IBM Websphere Application Server 6.1 .2
IBM Websphere Application Server 6.1 .2
IBM Websphere Application Server 6.1 .19
IBM Websphere Application Server 6.1 .18
IBM Websphere Application Server 6.1 .17
IBM Websphere Application Server 6.1 .15
IBM Websphere Application Server 6.1 .14
IBM Websphere Application Server 6.1 .13
IBM Websphere Application Server 6.1 .12
IBM Websphere Application Server 6.1 .11
IBM Websphere Application Server 6.1 .10
IBM Websphere Application Server 6.1 .1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.0.2 .9
IBM Websphere Application Server 6.0.2 .7
IBM Websphere Application Server 6.0.2 .5
IBM Websphere Application Server 6.0.2 .31
IBM Websphere Application Server 6.0.2 .3
IBM Websphere Application Server 6.0.2 .29
IBM Websphere Application Server 6.0.2 .25
IBM Websphere Application Server 6.0.2 .24
IBM Websphere Application Server 6.0.2 .23
IBM Websphere Application Server 6.0.2 .22
IBM Websphere Application Server 6.0.2 .21
IBM Websphere Application Server 6.0.2 .19
IBM Websphere Application Server 6.0.2 .17
IBM Websphere Application Server 6.0.2 .15
IBM Websphere Application Server 6.0.2 .13
IBM Websphere Application Server 6.0.2 .11
IBM Websphere Application Server 6.0.2 .1
IBM Websphere Application Server 7.0
IBM Websphere Application Server 6.0.2.19
Not Vulnerable: IBM Websphere Application Server 6.1 .23
IBM Websphere Application Server 6.0.2 .33
IBM Websphere Application Server 7.0.0.1


 

Privacy Statement
Copyright 2010, SecurityFocus