Signature Spoofing in IBM WebSphere Application Server and WebSphere Message Broker
CVE-2013-0482

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Message Broker; Websphere Application Server
Vendor: CVE Published:; 29 May 2013

Summary

IBM WebSphere Application Server and WebSphere Message Broker are susceptible to a signature spoofing vulnerability when WS-Security is implemented. Attackers may exploit this weakness using a specially crafted SOAP message to spoof message signatures. This vulnerability is categorized as a 'Signature Wrap attack' and is distinct from other previously identified vulnerabilities. Users of WebSphere products should apply the necessary patches to mitigate this risk.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1PM76582

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21635474

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IC88185

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
May 29, 2013
Vulnerability Reserved
Dec 16, 2012