Summary
The host is running IBM WebSphere Application Server and is prone to cross-site request forgery vulnerabilities.
Impact
Successful exploitation will allow remote users to gain sensitive information and conduct other malicious activities.
Impact Level: Application
Solution
Apply the patch from the vendor:
http://www-01.ibm.com/software/webservers/appserv/was/
Insight
The flaws are due to improper validation of user-supplied input in the Global Security panel and the master configuration save functionality, which allows an attacker to force a logged-in administrator to perform unwanted actions.
Affected
IBM WebSphere Application Server (WAS) 7.0.0.13 and prior.
Severity
Classification
- CVE: CVE-2010-3271
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P