Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," related to a certain invokefilterscompatibility property.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ibm websphere_application_server 授权问题漏洞
Vulnerability Description
当SPNEGO Single Sign-on (SSO)和disableSecurityPreInvokeOnFilters被具体化时,IBM WebSphere Application Server(WAS)6.1.0.25之前的6.1版本和7.0.0.5之前的7.0版本中的Servlet Engine/Web Container组件允许远程攻击者借助一个需要一个"安全的URL"的请求,绕过身份认证。此漏洞可能与某个调用过滤器兼容性属性有关。
CVSS Information
N/A
Vulnerability Type
N/A