IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."
References
Link | Resource |
---|---|
http://secunia.com/advisories/33994 | Vendor Advisory |
http://www-01.ibm.com/support/docview.wss?uid=swg21330341 | Patch Vendor Advisory |
http://www-1.ibm.com/support/docview.wss?uid=swg1JR31231 | Vendor Advisory |
http://www.securityfocus.com/bid/33839 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/48530 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-02-22T22:00:00
Updated: 2017-08-07T12:57:01
Reserved: 2009-02-05T00:00:00
Link: CVE-2009-0440
JSON object: View
NVD Information
Status : Modified
Published: 2009-02-22T22:30:00.843
Modified: 2017-08-08T01:33:57.220
Link: CVE-2009-0440
JSON object: View
Redhat Information
No data.
CWE