IBM WebSphere Application Server JAX-WS unknown details Vulnerability

Release date: 2011-10-20
Updated on: 2012-09-07

Affected Systems:
IBM Websphere Application Server 6.1.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 50310
Cve id: CVE-2011-1377

IBM WebSphere Application Server (WAS) is an Application Server developed and released by IBM in compliance with open standards.

The Web Services Security component in versions earlier than IBM WebSphere Application Server (WAS) 6.1 Web Services Feature Pack 6.1.0.41 did not properly enable WS-Security for JAX-WS applications, and the impact is currently unknown.

<* Source: IBM (ncsupp@ca.ibm.com)

Link: http://secunia.com/advisories/46469
Http://www-01.ibm.com/support/docview.wss? Uid = swg27011716
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

IBM
---
For this reason, IBM has released a Security Bulletin (swg27011716) and corresponding patches:

Swg27011716: Fix list for Web Services Feature Pack for WebSphere Application Server V6.1

Link: http://www-01.ibm.com/support/docview.wss? Uid = swg27011716