SecuritySpace - CVE-2011-1311

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2011-1311

Description: The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2011-1311
AIX APAR: PM25455
http://www-01.ibm.com/support/docview.wss?uid=swg1PM25455

CVE ID:	CVE-2011-1311
Description:	The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1311 AIX APAR: PM25455 http://www-01.ibm.com/support/docview.wss?uid=swg1PM25455