IBM WebSphere Application Server (WAS) Multiple Vulnerabilities Network Vulnerability

Summary

The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities.

Impact

Successful exploitation will let attackers to conduct Cross-site scripting attacks and cause a Denial of Service. Impact Level: Application

Solution

Apply Fix Pack 13 for version 7.0 (7.0.0.13) or later, http://www-01.ibm.com/support/docview.wss?uid=swg27014463 ***** NOTE : Ignore this warning, if above workaround has been applied. *****

Insight

- A cross-site scripting vulnerability exists in the administrative console due to improper filtering on input values. - A cross-site scripting vulnerability exists in the Integrated Solution Console due to improper filtering on input values.

Affected

IBM WebSphere Application Server versions 7.0 before 7.0.0.13.

References

http://secunia.com/advisories/41722
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
http://www.vupen.com/english/advisories/2010/2595

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0784, CVE-2010-4220
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability
Apache Tomcat Denial Of Service Vulnerability (Windows)
Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
Lighttpd Trailing Slash Information Disclosure Vulnerability
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011

Take action and discover your vulnerabilities