Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM WebSphere Application Server 应用JAX-WS访问限制和安全跳过漏洞
Vulnerability Description
IBM WebSphere Application Server (WAS) 7.0.0.3版本之前的7.0版本以及WAS 6.1.0.25版本之前的6.1版本的网络服务的Feature补丁,在一个WS-Security策略在操作水平上建立以后,没有适当地处理入站的请求,并缺少一个SOAPAction或WS-Addressing操作,这会允许远程攻击者可以借助一个特制的对JAX-WS应用程序的请求,绕过预设的访问限制。
CVSS Information
N/A
Vulnerability Type
N/A