Update protection against IBM WebSphere Application Server Cross Site Scripting Vulnerability

Check Point Reference: CPAI-2009-069
Date Published:
Preemptive Since:
Severity:
Source: Secunia Advisory: SA34461
Industry Reference(s): N/A
Protection Provided by:
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
IBM WebSphere Application Server 7.0.x
Vulnerability Description
A cross-site scripting vulnerability exists in IBM WebSphere Application Server (WAS). IBM WebSphere Application Server is a Java 2 Enterprise Edition (J2EE) and Web Services-based application server. The flaw is due to a lack of validation of user-supplied input data. Remote attackers may be able to execute arbitrary HTML and script code in the victim's web browser.
Update/Patch Available
IBM has released an advisory addressing this vulnerability:
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27004980 
Vulnerability Details
The vulnerability is due to a lack of validation of user-supplied input data. An attack targeting this vulnerability can result in the injection and execution of script code in the victim's browser.

Protection Overview

By enabling this protection, IPS-1 will detect and block attempts to access the IBM WebSphere application with URLs that have embedded script tags in them.
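The check the protection performs, detecting request URLs that carry an embedded script tag, is illustrated below as an added example; it is not Check Point's or IBM's code. The access-log lines, client addresses and the /app/... paths are constructed for the example and do not identify the affected WebSphere endpoint; the detector percent-decodes the URI repeatedly so that double-encoded and mixed-case tags are not missed, and emits records named after the IPS-1 log entries quoted on this page.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not taken from the advisory). The paths,
# parameter names and client addresses are placeholders for illustration only.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Mar/2009:10:00:01 +0000] "GET /app/search?q=websphere HTTP/1.1" 200 512
203.0.113.7 - - [20/Mar/2009:10:00:02 +0000] "GET /app/search?q=%3Cscript%3Etest%3C/script%3E HTTP/1.1" 200 512
203.0.113.9 - - [20/Mar/2009:10:00:03 +0000] "GET /app/page?x=%253CsCrIpT%253E HTTP/1.1" 200 512
203.0.113.4 - - [20/Mar/2009:10:00:04 +0000] "GET /app/page?x=description HTTP/1.1" 200 512
"""

# Extracts the request URI from a Common Log Format request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/')
# Matches an opening or closing <script> tag, any case, with optional whitespace.
SCRIPT_TAG_RE = re.compile(r'<\s*/?\s*script\b', re.IGNORECASE)


def normalize(uri: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded tags become visible."""
    decoded = uri
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def has_embedded_script_tag(uri: str) -> bool:
    """True if the normalized URI contains a <script> or </script> tag."""
    return SCRIPT_TAG_RE.search(normalize(uri)) is not None


def flag_requests(log_text: str) -> list[dict]:
    """Return one alert record per log line whose URI embeds a script tag."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and has_embedded_script_tag(m.group("uri")):
            hits.append({"client": line.split()[0], "uri": m.group("uri"),
                         "alert": "XSS Attacks",
                         "description": "User Defined XSS Alert"})
    return hits


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

The word "description" in the last sample line contains "script" but no tag delimiter, so it is correctly left alone; matching on the bare word would produce false positives on ordinary requests.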

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Web Intelligence > WWW 2, and select the XSS Attacks protection group.
3. Click User Defined XSS Alert (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?

Upon attack, the following entries will be logged:

Alert Name: XSS Attacks
Description: User Defined XSS Alert