A security flaw has been discovered in IBM WebSphere Application Server, an application server for developing SOA (Service Oriented Architecture) applications and services. The flaw stems from improper handling of certain input data in the IVT application. A remote attacker can exploit it to carry out XSS (cross-site scripting) attacks. To protect themselves, users are advised to install the appropriate update. For more details, see the original advisory.

IBM WebSphere Application Server IVT Cross-Site Scripting Vulnerability
Secunia Advisory 	SA44031 	
Release Date 	2011-04-04
Criticality level 	Less critical
Impact 	Cross Site Scripting
Where 	From remote
Solution Status 	Vendor Patch
  	 
Software:	
	IBM WebSphere Application Server 6.1.x

CVE Reference(s) 	No CVE references.

	   	

Description

A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input passed to the IVT application can be exploited to conduct cross-site scripting attacks.

For more information see vulnerability #3 in:
SA42938

The vulnerability is reported in versions prior to 6.1 Fix Pack 37 (6.1.0.37).

Solution
Apply APAR PM20393 or update to version 6.1.0.37.

Provided and/or discovered by
Reported by the vendor.

Original Advisory
IBM (PM20393):
http://www-01.ibm.com/support/docview.wss?uid=swg27007951
