Vigil@nce: WebSphere AS 7.0, six vulnerabilities
June 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit several vulnerabilities in WebSphere
Application Server.
– Severity: 2/4
– Creation date: 28/05/2012
IMPACTED PRODUCTS
– IBM WebSphere Application Server
DESCRIPTION OF THE VULNERABILITY
Six vulnerabilities were announced in WebSphere Application Server.
An attacker can use line feeds to create a Cross Site
Scripting in the web console. [severity:2/4; BID-52721,
CERTA-2011-AVI-209, CVE-2011-0096, CVE-2012-0720, PM52274]
An attacker can create a Cross Site Scripting in the
cheatSheetPackage of the Administrative Console. [severity:2/4;
BID-52722, CVE-2012-0716, PM53132]
An attacker can obtain information via the Application Snoop Servlet.
[severity:1/4; BID-53755, CVE-2012-2170, PM56183]
An attacker can send data that generates storage collisions, in
order to overload a service (VIGILANCE-VUL-11254). [severity:2/4;
CVE-2012-0193, PM53930]
An attacker can bypass the authentication using an SSL client
certificate. [severity:2/4; BID-52724, CVE-2012-0717, PM52351,
swg21587015]
A vulnerability in WebSphere Application Server impacts JAX-WS
applications with WS-Security enabled. [severity:2/4; PM45181]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WebSphere-AS-7-0-six-vulnerabilities-11658