OpenCVE

The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Websphere Application Server

Configuration 1 [-]

OR	cpe:2.3:a:ibm:websphere_application_server:7.0:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/38425
http://securitytracker.com/id?1023551
http://www-01.ibm.com/support/docview.wss?uid=swg21417839
http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610
http://www.osvdb.org/62140
http://www.securityfocus.com/bid/38122

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-02-08T21:00:00Z

Updated: 2024-09-17T00:02:32.927Z

Reserved: 2010-02-08T00:00:00Z

Link: CVE-2010-0563

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2010-02-08T21:30:00.530

Modified: 2010-11-03T04:00:00.000

Link: CVE-2010-0563

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-02-08T21:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1023551", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1023551"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21417839"}, {"name": "PM00610", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610"}, {"name": "38122", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38122"}, {"name": "38425", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38425"}, {"name": "62140", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/62140"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0563", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1023551", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023551"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21417839", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21417839"}, {"name": "PM00610", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610"}, {"name": "38122", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38122"}, {"name": "38425", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38425"}, {"name": "62140", "refsource": "OSVDB", "url": "http://www.osvdb.org/62140"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:52:19.366Z"}, "title": "CVE Program Container", "references": [{"name": "1023551", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1023551"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21417839"}, {"name": "PM00610", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610"}, {"name": "38122", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/38122"}, {"name": "38425", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38425"}, {"name": "62140", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/62140"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0563", "datePublished": "2010-02-08T21:00:00Z", "dateReserved": "2010-02-08T00:00:00Z", "dateUpdated": "2024-09-17T00:02:32.927Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B108457A-50DC-4432-9E30-98ADBEBF2389", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0661F4A0-A520-4443-B19D-6885920ADFE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "9BFBDE57-3895-4841-B23C-06336A7016EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "30B7A7B9-FCD1-4509-93CF-C5B736B04F4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "C93D1CE2-1772-44C0-A8CB-73E9AA1AF6B8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted."}, {"lang": "es", "value": "La funcionalidad Single Sign-on (SSO) en IBM WebSphere Application Server (WAS) v7.0.0.0 a la v7.0.0.8, no reconoce la opci\u00f3n de configuraci\u00f3n \"Requires SSL\", lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n sensible analizando las sesiones de red que se suponen est\u00e1n cifradas."}], "id": "CVE-2010-0563", "lastModified": "2010-11-03T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-02-08T21:30:00.530", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38425"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1023551"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21417839"}, {"source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/62140"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/38122"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}