Summary
The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers conduct cross-site scripting and cross-site request forgery attacks against users of the administrative console.
Impact Level: Application
Solution
Apply Fix Pack 6.1.0.35 (for the 6.1 branch) or Fix Pack 7.0.0.13 (for the 7.0 branch), or a later fix pack, available from:
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27004980
*****
NOTE: Ignore this warning if the above fix has already been applied.
*****
Insight
- A cross-site scripting vulnerability exists in the administrative console because user-supplied input values are not properly filtered before being returned in responses.
- The administrative console does not adequately verify that state-changing requests originate from the authenticated user's own session, which can be exploited to conduct cross-site request forgery attacks.
Affected
IBM WebSphere Application Server versions 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13.
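The following is an added example, not code from the original scanner plugin, showing how a detected WebSphere version string can be tested against the two affected ranges stated above. The branch table, the regular expression, the helper names and the rule that a version with missing components (e.g. "6.1") is treated as x.y.0.0 are assumptions of this example:

```python
# Added example (not part of the original plugin): decide whether a detected
# IBM WebSphere Application Server version falls inside the ranges named in
# this advisory: 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13.
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]

# (major, minor) branch -> first fix-pack level that contains the fix.
# Values come from the advisory text; the table layout is this example's own.
FIXED_LEVELS = {
    (6, 1): (6, 1, 0, 35),
    (7, 0): (7, 0, 0, 13),
}


def parse_version(text: str) -> Optional[Version]:
    """Normalise strings such as '7.0.0.9', '6.1' or 'WebSphere 7.0.0.13'
    to a four-component tuple. Missing trailing components are assumed to
    be 0, so '6.1' becomes (6, 1, 0, 0). Returns None if no digits are found."""
    m = re.search(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        return None
    parts = [int(p) if p is not None else 0 for p in m.groups()]
    return (parts[0], parts[1], parts[2], parts[3])


def is_affected(version_text: str) -> bool:
    """True only when the version is on a listed branch and below its fixed level.
    Unknown or unparsable versions are deliberately not reported, to avoid
    false positives on branches the advisory does not cover (e.g. 6.0, 8.0)."""
    v = parse_version(version_text)
    if v is None:
        return False
    fixed = FIXED_LEVELS.get((v[0], v[1]))
    if fixed is None:
        return False
    return v < fixed  # tuple comparison is component-wise, left to right


def report(version_text: str) -> str:
    """One-line verdict suitable for a scanner finding."""
    if is_affected(version_text):
        fixed = FIXED_LEVELS[parse_version(version_text)[:2]]
        return "%s is affected; apply fix pack %s or later" % (
            version_text, ".".join(str(c) for c in fixed))
    return "%s is not in an affected range" % version_text


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real host.
    for banner in ["7.0.0.9", "7.0.0.13", "6.1.0.34", "6.1", "8.0.0.1", "n/a"]:
        print(report(banner))
```

Because the comparison is done on integer tuples rather than on strings, "7.0.0.9" sorts correctly below "7.0.0.13"; a naive string comparison would get that pair wrong.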
References
CVE: CVE-2010-0783, CVE-2010-0785
Severity
CVSS Base Score: 6.0
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Classification: -
Related Vulnerabilities
- Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability
- F*EX (Frams's Fast File EXchange) Multiple XSS Vulnerabilities
- Apache mod_include privilege escalation
- Acritum Femitter Server HTTP Request Remote File Disclosure Vulnerability
- Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability