IBM WebSphere Application Server Multiple Vulnerabilities Network Vulnerability

Summary

IBM WebSphere Application Server (WAS) is prone to multiple vulnerabilities. 1. A cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. 2. A Remote Denial Of Service Vulnerability. Exploiting this issue allows remote attackers to cause WAS ORB threads to hang, denying service to legitimate users. Versions prior to WAS 7.0.0.9, 6.1.0.31, and 6.0.2.4 are vulnerable.

Solution

The vendor has released updates. Please see the references for details.

References

http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27004980
http://www-306.ibm.com/software/websphere/#
http://www.securityfocus.com/bid/39051
http://www.securityfocus.com/bid/39056
http://xforce.iss.net/xforce/xfdb/57164
http://xforce.iss.net/xforce/xfdb/57182

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0768, CVE-2010-0769, CVE-2010-0770

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
Apache Archiva Home Page Cross-Site Scripting vulnerability
Ampache Reflected Cross Site Scripting Vulnerability

IBM WebSphere Application Server multiple vulnerabilities

Take action and discover your vulnerabilities