CVE-2010-0786

IBM WebSphere Application Server 7.0 - Denial of Service via JAX-WS Request

Title source: llm
STIX 2.1

Description

The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incorrectly encoded data.

References (3)

Core 3
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM13777
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62950

Scores

EPSS 0.0221
EPSS Percentile 80.5%

Details

CWE
CWE-20
Status published
Products (13)
ibm/websphere_application_server 7.0
ibm/websphere_application_server 7.0.0.1
ibm/websphere_application_server 7.0.0.2
ibm/websphere_application_server 7.0.0.3
ibm/websphere_application_server 7.0.0.4
ibm/websphere_application_server 7.0.0.5
ibm/websphere_application_server 7.0.0.6
ibm/websphere_application_server 7.0.0.7
ibm/websphere_application_server 7.0.0.8
ibm/websphere_application_server 7.0.0.9
... and 3 more
Published Nov 09, 2010
Tracked Since Feb 18, 2026