CVE Vulnerabilities

CVE-2011-1224

Published: Jul 07, 2011 | Modified: Aug 17, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application.

Affected Software

Name Vendor Start Version End Version
Websphere_mq Ibm 6.0.1.0 6.0.1.0
Websphere_mq Ibm 6.0 6.0
Websphere_mq Ibm 6.0.2.4 6.0.2.4
Websphere_mq Ibm 6.0.1.1 6.0.1.1
Websphere_mq Ibm 6.0.2.7 6.0.2.7
Websphere_mq Ibm 6.0.2.3 6.0.2.3
Websphere_mq Ibm 6.0.2.9 6.0.2.9
Websphere_mq Ibm 6.0.2.1 6.0.2.1
Websphere_mq Ibm 6.0.2.8 6.0.2.8
Websphere_mq Ibm 6.0.2.2 6.0.2.2
Websphere_mq Ibm 6.0.2.0 6.0.2.0
Websphere_mq Ibm 6.0.2.10 6.0.2.10
Websphere_mq Ibm 6.0.2.5 6.0.2.5
Websphere_mq Ibm 6.0.2.6 6.0.2.6

References