Summary
The host is running IBM WebSphere Application Server and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow attackers to conduct cross-site scripting attacks.
Impact Level: Application
Solution
Upgrade to IBM WAS version 6.0.2.43, 6.1.0.33 or 7.0.0.11. For updates, refer to http://www.ibm.com/developerworks/downloads/ws/was/
Insight
The flaw is due to an error in the Administration Console, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
IBM WAS Version 6.0 before 6.0.2.43, 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11
References
Severity
Classification
CVE: CVE-2010-0778, CVE-2010-0779
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
- Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
- Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
- Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
- Ecava IntegraXor Account Information Disclosure Vulnerability