Summary
The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct cross-site scripting attacks and cause a denial of service.
Impact Level: Application
Solution
Apply Fix Pack 13 for version 7.0 (7.0.0.13) or later, http://www-01.ibm.com/support/docview.wss?uid=swg27014463
*****
NOTE: Ignore this warning if the above workaround has been applied.
*****
Insight
- A cross-site scripting vulnerability exists in the administrative console due to improper filtering on input values.
- A cross-site scripting vulnerability exists in the Integrated Solution Console due to improper filtering on input values.
Affected
IBM WebSphere Application Server versions 7.0 before 7.0.0.13.
Severity
Classification
CVE: CVE-2010-0784, CVE-2010-4220
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- lighttpd Slow Request Handling Remote Denial Of Service Vulnerability
- Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
- HttpBlitz Server HTTP Request Remote Denial of Service Vulnerability
- CommuniGate Pro Web Mail URI Parsing HTML Injection Vulnerability
- Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities