IBM WebSphere Application Server (WAS) XSS And CSRF Vulnerabilities Network Vulnerability

Summary

The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities.

Impact

Successful exploitation will let attackers to conduct cross-site scripting and cross-site request forgery attacks. Impact Level: Application

Solution

Apply Fix Pack 7.0.0.13 and 6.1.0.35 or later, http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27004980 ***** NOTE : Ignore this warning, if above workaround has been applied. *****

Insight

- A cross-site scripting vulnerability exists in the administrative console due to improper filtering on input values. - An input sanitation error in the administrative console can be exploited to conduct cross-site request forgery attacks.

Affected

IBM WebSphere Application Server versions 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13.

References

http://secunia.com/advisories/42136
http://securitytracker.com/alerts/2010/Nov/1024686.html
http://www-01.ibm.com/support/docview.wss?uid=swg27004980

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0783, CVE-2010-0785
CVSS Base Score: 6.0
AV:N/AC:M/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability
F*EX (Frams's Fast File EXchange) Multiple XSS Vulnerabilities
Apache mod_include priviledge escalation
Acritum Femitter Server HTTP Request Remote File Disclosure Vulnerability
Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability

IBM WebSphere Application Server (WAS) XSS and CSRF Vulnerabilities

Take action and discover your vulnerabilities