The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a secure URL, related to a certain invokefilterscompatibility property.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Websphere_application_server | Ibm | 6.1.0.21 | 6.1.0.21 |
Websphere_application_server | Ibm | 6.1 | 6.1 |
Websphere_application_server | Ibm | 6.1.0.22 | 6.1.0.22 |
Websphere_application_server | Ibm | 6.1.0.19 | 6.1.0.19 |
Websphere_application_server | Ibm | 6.1.0.2 | 6.1.0.2 |
Websphere_application_server | Ibm | 6.1.0.4 | 6.1.0.4 |
Websphere_application_server | Ibm | 7.0.0.4 | 7.0.0.4 |
Websphere_application_server | Ibm | 6.1.0.11 | 6.1.0.11 |
Websphere_application_server | Ibm | 7.0 | 7.0 |
Websphere_application_server | Ibm | 6.1.0.14 | 6.1.0.14 |
Websphere_application_server | Ibm | 6.1.0.20 | 6.1.0.20 |
Websphere_application_server | Ibm | 6.1.0.9 | 6.1.0.9 |
Websphere_application_server | Ibm | 6.1.0.24 | 6.1.0.24 |
Websphere_application_server | Ibm | 6.1.0.0 | 6.1.0.0 |
Websphere_application_server | Ibm | 6.1.0.1 | 6.1.0.1 |
Websphere_application_server | Ibm | 6.1.0.7 | 6.1.0.7 |
Websphere_application_server | Ibm | 6.1.0.3 | 6.1.0.3 |
Websphere_application_server | Ibm | 6.1.0.17 | 6.1.0.17 |
Websphere_application_server | Ibm | 6.1.0.13 | 6.1.0.13 |
Websphere_application_server | Ibm | 6.1.0.16 | 6.1.0.16 |
Websphere_application_server | Ibm | 6.1.0.6 | 6.1.0.6 |
Websphere_application_server | Ibm | 6.1.0.10 | 6.1.0.10 |
Websphere_application_server | Ibm | 6.1.0.8 | 6.1.0.8 |
Websphere_application_server | Ibm | 6.1.0.15 | 6.1.0.15 |
Websphere_application_server | Ibm | 7.0.0.3 | 7.0.0.3 |
Websphere_application_server | Ibm | 6.1.0.18 | 6.1.0.18 |
Websphere_application_server | Ibm | 6.1.0.23 | 6.1.0.23 |
Websphere_application_server | Ibm | 7.0.0.1 | 7.0.0.1 |
Websphere_application_server | Ibm | 6.1.0 | 6.1.0 |
Websphere_application_server | Ibm | 6.1.0.5 | 6.1.0.5 |
Websphere_application_server | Ibm | 6.1.0.12 | 6.1.0.12 |