Summary
The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows an attacker to conduct cross-site scripting and cross-site request forgery attacks against users of the administrative console.
Impact Level: Application
Solution
Apply Fix Pack 6.1.0.35 (for the 6.1 branch) or Fix Pack 7.0.0.13 (for the 7.0 branch), or a later fix pack, as described at
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27004980
*****
NOTE: Ignore this warning if the fix pack above has already been applied.
*****
Insight
- A cross-site scripting vulnerability exists in the administrative console because certain input values are not properly filtered before being returned in responses.
- An input sanitization error in the administrative console allows state-changing requests to be forged, which can be exploited to conduct cross-site request forgery attacks against an authenticated administrator.
Affected
IBM WebSphere Application Server versions 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13.
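The affected ranges above translate into a simple version comparison. The following is an added example, not code from the advisory or from IBM: it parses a dotted WebSphere version string (assumed to come from versionInfo.sh/versionInfo.bat or a server banner, which is an assumption) and reports whether the host is below the fix pack level for its branch. Branches other than 6.1 and 7.0 are not listed as affected here and are reported as not affected by this check.

```python
# Added example (not part of the original advisory or IBM's code).
# Assumption: the version is a dotted string such as "7.0.0.11", as printed
# by versionInfo.sh/versionInfo.bat or found in a banner.
from typing import Dict, Tuple

# Minimum fixed level per affected major.minor branch, from the advisory.
FIXED_LEVELS: Dict[Tuple[int, int], Tuple[int, int, int, int]] = {
    (6, 1): (6, 1, 0, 35),
    (7, 0): (7, 0, 0, 13),
}


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn '7.0.0.11' into (7, 0, 0, 11); shorter strings are padded with 0."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised WebSphere version: {text!r}")
    nums = [int(p) for p in parts][:4]
    while len(nums) < 4:
        nums.append(0)
    return nums[0], nums[1], nums[2], nums[3]


def is_affected(text: str) -> bool:
    """True when the version is on the 6.1 or 7.0 branch and below its fix pack."""
    version = parse_version(text)
    fixed = FIXED_LEVELS.get((version[0], version[1]))
    if fixed is None:
        return False  # branch not listed as affected in this advisory
    return version < fixed  # tuple comparison is numeric, field by field


def triage(hosts: Dict[str, str]) -> Dict[str, bool]:
    """Map host -> affected flag for a constructed inventory of version strings."""
    return {host: is_affected(ver) for host, ver in hosts.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "was-61a": "6.1.0.34",   # below 6.1.0.35 -> affected
        "was-61b": "6.1.0.35",   # at fix level -> not affected
        "was-70a": "7.0.0.11",   # below 7.0.0.13 -> affected
        "was-70b": "7.0.0.13",   # at fix level -> not affected
        "was-80":  "8.0.0.1",    # branch not in scope -> not affected
    }
    for host, affected in triage(sample).items():
        print(f"{host}: {'AFFECTED' if affected else 'ok'}")
```

A version string that omits trailing fields (for example "6.1") is padded with zeros and therefore compares as below the fix level, which is the conservative choice for a scanner; verify such hosts by hand before closing the finding.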
References
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Severity
CVSS Base Score: 6.0
AV:N/AC:M/Au:S/C:P/I:P/A:P
Classification
CVE: CVE-2010-0783, CVE-2010-0785