Summary
IBM WebSphere Application Server is prone to a cross-site request forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user and gain access to the affected application. Other attacks are also possible.
IBM WebSphere Application Server versions prior to 8.0.0.1 are vulnerable. Other versions may also be affected.
Solution
Vendor fixes are available. Please see the references for more information.
References
Severity
Classification
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Cross-Site Scripting in Cherokee Error Pages
- IBM WebSphere Application Server (WAS) Security Bypass Vulnerability
- IIS 5.0 Sample App reveals physical path of web root
- IBM WebSphere Application Server JSF Application Information Disclosure Vulnerability
- Apache Traffic Server HTTP TRACE Request Remote DoS Vulnerability