Check Point Advisories

Update protection against IBM WebSphere Application Server Cross Site Scripting Vulnerability

Check Point Reference: CPAI-2009-069
Date Published: 24 Apr 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: Secunia Advisory: SA34461
Industry Reference:N/A
Protection Provided by:
Who is Vulnerable? IBM WebSphere Application Server 7.0.x
Vulnerability Description A cross-site scripting vulnerability exists in IBM WebSphere Application Server (WAS). The IBM WebSphere Application Server is a Java 2 Enterprise Edition (J2EE) and Web Services-based application server. The flaw is due to lack of validation of the user supplied input data. Remote attackers may be able to execute arbitrary HTML and script code on the victim's web browser.
Update/Patch AvaliableIBM has released an advisory addressing this vulnerability:
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27004980 
Vulnerability DetailsThe vulnerability is due to lack of validation of the user supplied input data. An attack targeting this vulnerability can result in the injection and execution of script code.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK