CVE-2009-0440 - Vulnerability Details - OpenCVE

IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Websphere Partner Gateway

Configuration 1 [-]

OR	cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0:::::::*
	cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.1:::::::*
	cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.2:::::::*
	cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.3:::::::*
	cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.4:::::::*
	cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.5:::::::*
	cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.6:::::::*
	cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.7:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/33994
http://www-01.ibm.com/support/docview.wss?uid=swg21330341
http://www-1.ibm.com/support/docview.wss?uid=swg1JR31231
http://www.securityfocus.com/bid/33839
https://exchange.xforce.ibmcloud.com/vulnerabilities/48530

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-02-22T22:00:00

Updated: 2024-08-07T04:31:26.318Z

Reserved: 2009-02-05T00:00:00

Link: CVE-2009-0440

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-02-22T22:30:00.843

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-0440

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-12T00:00:00", "descriptions": [{"lang": "en", "value": "IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) \"altered service content\" and (2) \"digital signature foot-print.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "websphere-pgateway-rnif-signatures(48530)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48530"}, {"name": "33839", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33839"}, {"name": "33994", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33994"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21330341"}, {"name": "JR31231", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR31231"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0440", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) \"altered service content\" and (2) \"digital signature foot-print.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "websphere-pgateway-rnif-signatures(48530)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48530"}, {"name": "33839", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33839"}, {"name": "33994", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33994"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21330341", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21330341"}, {"name": "JR31231", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR31231"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:31:26.318Z"}, "title": "CVE Program Container", "references": [{"name": "websphere-pgateway-rnif-signatures(48530)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48530"}, {"name": "33839", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33839"}, {"name": "33994", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33994"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21330341"}, {"name": "JR31231", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR31231"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0440", "datePublished": "2009-02-22T22:00:00", "dateReserved": "2009-02-05T00:00:00", "dateUpdated": "2024-08-07T04:31:26.318Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3B68684-EB29-4FC1-9CCF-559EE3E5885E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5CD8555-DD04-4D12-8A99-62786588FC2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D3042B79-F460-4F94-8371-EEA0247F8DA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "23933DBA-A861-4EA3-85CB-C4C644651771", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "80A79AA1-1791-4EC7-8155-4FC5EA9C8D46", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C7B6512-CBED-443E-A059-5B0591FCA60B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A40E40C8-FEF8-464A-BA09-5223E4375999", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9ECAF146-F575-4CAD-A1F5-2FE9F04BE51C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) \"altered service content\" and (2) \"digital signature foot-print.\""}, {"lang": "es", "value": "IBM WebSphere Partner Gateway (WPG) v6.0.0 hasta v6.0.0.7 no gestiona adecuadamente los fallos de verificaci\u00f3n de firma, lo que permite a usuarios remotos autenticados enviar un documento RosettaNet (tambi\u00e9n conocido como RNIF) manipulado a una aplicaci\u00f3n de administraci\u00f3n, relacionado con (1) \"contenido de servicio alterado\" y (2) \"foot-print de firma digital\"."}], "id": "CVE-2009-0440", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-02-22T22:30:00.843", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33994"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21330341"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR31231"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33839"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48530"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33994"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21330341"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR31231"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33839"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48530"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}