Summary
IBM WebSphere Application Server (WAS) is prone to multiple vulnerabilities.
1. A cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
2. A Remote Denial Of Service Vulnerability.
Exploiting this issue allows remote attackers to cause WAS ORB threads to hang, denying service to legitimate users.
Versions prior to WAS 7.0.0.9, 6.1.0.31, and 6.0.2.4 are vulnerable.
Solution
The vendor has released updates. Please see the references for details.
References
Severity
Classification
-
CVE CVE-2010-0768, CVE-2010-0769, CVE-2010-0770 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
- AdaptCMS 'init.php' Remote File Include Vulnerability
- Apache Archiva Cross Site Request Forgery Vulnerability
- Apache Solr Directory Traversal Vulnerability Jan-14