Summary
The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to conduct Cross-site scripting attacks and cause a Denial of Service.
Impact Level: Application
Solution
Apply Fix Pack 13 for version 7.0 (7.0.0.13) or later, http://www-01.ibm.com/support/docview.wss?uid=swg27014463
*****
NOTE : Ignore this warning, if above workaround has been applied.
*****
Insight
- A cross-site scripting vulnerability exists in the administrative console due to improper filtering on input values.
- A cross-site scripting vulnerability exists in the Integrated Solution Console due to improper filtering on input values.
Affected
IBM WebSphere Application Server versions 7.0 before 7.0.0.13.
References
Severity
Classification
-
CVE CVE-2010-0784, CVE-2010-4220 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability
- Apache Tomcat Denial Of Service Vulnerability (Windows)
- Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
- Lighttpd Trailing Slash Information Disclosure Vulnerability
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011