Novi propust vezan uz IBM WebSphere Application Server

U radu IBM WebSphere Application poslužitelja uočen je sigurnosni propust kojeg udaljeni napadač može iskoristiti za izvođenje XSS napada.

Paket:	IBM WebSphere Application Server 7.0.x, IBM WebSphere Application Server 8.0
Operacijski sustavi:	HP-UX 10.x, HP-UX 11.x, IBM AIX 5.x, IBM AIX 6.x, IBM AIX 7.x, IBM z/OS 1.x, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Sun Solaris 9, Sun Solaris 10, SUSE Linux Enterprise Server (SLES) 9, SUSE Linux Enterprise Server (SLES) 10, SUSE Linux Enterprise Server (SLES) 11
Problem:	neodgovarajuća provjera ulaznih podataka
Iskorištavanje:	udaljeno
Posljedica:	umetanje HTML i skriptnog koda
Rješenje:	programska zakrpa proizvođača
Izvorni ID preporuke:	SA46154
Izvor:	Secunia

Problem:
Sigurnosni problem je posljedica mogućeg izvođenja određenih akcija putem HTTP zahtjeva bez provjere valjanosti takvih zahtjeva.
Posljedica:
Udaljeni napadač ranjivost može iskoristiti za XSS (eng. Cross Site Scripting) napad.
Rješenje:
Svim se korisnicima savjetuje nadogradnja na inačicu 8.0.0.1.

Izvorni tekst preporuke

Secunia Advisory SA46154
IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability

Release Date 	2011-09-26
Criticality level 	Less criticalLess critical
Impact 	Cross Site Scripting
Where 	From remote
Authentication level 	Available in Customer Area
  	 
Report reliability 	Available in Customer Area
Solution Status 	Vendor Patch
  	 
Systems affected 	Available in Customer Area
Approve distribution 	Available in Customer Area
  	 
Software:	
	IBM WebSphere Application Server 8.0.x

Secunia CVSS Score 	Available in Customer Area
CVE Reference(s) 	No CVE references.

	   	

Description

A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform unspecified actions when a logged-in user visits a malicious web site.

The vulnerability is reported in versions prior to 8.0.0.1.

Solution
Update to version 8.0.0.1.

Provided and/or discovered by
Reported by the vendor.

Original Advisory
IBM (PM36734):
http://www.ibm.com/support/docview.wss?uid=swg27022958

Novi propust vezan uz IBM WebSphere Application Server

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Novi propust vezan uz IBM WebSphere Application Server

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti