IBM WebSphere Application Server (WAS) Cross-site Scripting Vulnerability Network Vulnerability

Summary

The host is running IBM WebSphere Application Server and is prone to Cross-site Scripting vulnerability.

Impact

Successful exploitation will let attackers to conduct Cross-site scripting attacks. Impact Level: Application

Solution

Upgrade to IBM WAS version 6.0.2.43, 6.1.0.33 or 7.0.0.11, For updates refer to http://www.ibm.com/developerworks/downloads/ws/was/

Insight

The flaw is due to an error in the Administration Console, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected

IBM WAS Version 6.0 before 6.0.2.43, 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11

References

http://en.securitylab.ru/nvd/395192.php
http://vul.hackerjournals.com/?p=10207
http://xforce.iss.net/xforce/xfdb/59646
http://xforce.iss.net/xforce/xfdb/59647

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0778, CVE-2010-0779

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
Apache HTTP Server Scoreboard Security Bypass Vulnerability (Windows)
IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability
Apache Traffic Server HTTP TRACE Request Remote DoS Vulnerability
IBM WebSphere Application Server JNDI information disclosure Vulnerability

Take action and discover your vulnerabilities