Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM WebSphere PKIXBuilderParameters对象安全绕过漏洞
Vulnerability Description
IBM Websphere应用服务器以Java和Servlet引擎为基础,支持多种HTTP服务,可帮助用户完成从开发、发布到维护交互式的动态网站的所有工作。 如果将Certificate Store Collections配置为使用证书撤销列表(CRL)的话,WebSphere应用服务器的Web Services Security组件就没有对PKIXBuilderParameters对象调用setRevocationEnabled方式,导致Java安全方式无法检查X.509证书的撤销状态。远程攻击者可以通
CVSS Information
N/A
Vulnerability Type
N/A