IBM WebSphere Application Server (WAS) Cross-site Scripting Vulnerability Network Vulnerability

Summary

The host is running IBM WebSphere Application Server and is prone to Cross-site Scripting vulnerability.

Impact

Successful exploitation will let attackers to conduct Cross-site scripting attacks. Impact Level: Application

Solution

Upgrade to IBM WAS version 6.0.2.43, 6.1.0.33 or 7.0.0.11, For updates refer to http://www.ibm.com/developerworks/downloads/ws/was/

Insight

The flaw is due to an error in the Administration Console, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected

IBM WAS Version 6.0 before 6.0.2.43, 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11

References

http://en.securitylab.ru/nvd/395192.php
http://vul.hackerjournals.com/?p=10207
http://xforce.iss.net/xforce/xfdb/59646
http://xforce.iss.net/xforce/xfdb/59647

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0778, CVE-2010-0779

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability
IBM WebSphere Application Server (WAS) XSS and CSRF Vulnerabilities
IBM WebSphere Application Server 'plugin-key.kdb' Information Disclosure Vulnerability
Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability

Take action and discover your vulnerabilities