IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability Network Vulnerability

Summary

IBM WebSphere Application Server is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user and gain access to the affected application other attacks are also possible. IBM WebSphere Application Server versions prior to 8.0.0.1 are vulnerable other versions may also be affected.

Solution

Vendor fixes are available. Please see the references for more information.

References

http://www-01.ibm.com/software/websphere/
http://www-01.ibm.com/support/docview.wss?uid=swg24030916
http://www-01.ibm.com/support/docview.wss?uid=swg27022958#8001
http://www.securityfocus.com/bid/49766

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Cross-Site Scripting in Cherokee Error Pages
IBM WebSphere Application Server (WAS) Security Bypass Vulnerability
IIS 5.0 Sample App reveals physical path of web root
IBM WebSphere Application Server JSF Application Information Disclosure Vulnerability
Apache Traffic Server HTTP TRACE Request Remote DoS Vulnerability

Take action and discover your vulnerabilities