CVE-2008-4679

NONECVSS 0.0

0.0

The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate.

🔗 References (14)

cve@mitrehttp://secunia.com/advisories/32296
cve@mitrehttp://www-01.ibm.com/support/docview.wss?uid=swg27006876
cve@mitrehttp://www-01.ibm.com/support/docview.wss?uid=swg27007951
cve@mitrehttp://www-1.ibm.com/support/docview.wss?uid=swg1PK61258
cve@mitrehttp://www.securityfocus.com/bid/31839
cve@mitrehttp://www.vupen.com/english/advisories/2008/2871
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/46002
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32296
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg27006876
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg27007951
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg1PK61258
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31839
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2871
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/46002

Is Your Infrastructure Affected by CVE-2008-4679?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-4679

📅 Published

🔄 Last Modified

🔗 References (14)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-4679?