Freely subscribe to our NEWSLETTER

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use several vulnerabilities of WebSphere
Application Server.

– Severity: 2/4
– Creation date: 28/05/2012

IMPACTED PRODUCTS

– IBM WebSphere Application Server

DESCRIPTION OF THE VULNERABILITY

Six vulnerabilities were announced in WebSphere Application Server.

An attacker can use line feeds, in order to create a Cross Site
Scripting in the web console. [severity:2/4; BID-52721,
CERTA-2011-AVI-209, CVE-2011-0096, CVE-2012-0720, PM52274]

An attacker can create a Cross Site Scripting in cheatSheetPackage
of the Administrative Console. [severity:2/4; BID-52722,
CVE-2012-0716, PM53132]

An attacker can obtain information via Application Snoop Servlet.
[severity:1/4; BID-53755, CVE-2012-2170, PM56183]

An attacker can send data generating storage collisions, in order
to overload a service (VIGILANCE-VUL-11254). [severity:2/4;
CVE-2012-0193, PM53930]

An attacker can bypass the authentication using a SSL client
certificate. [severity:2/4; BID-52724, CVE-2012-0717, PM52351,
swg21587015]

A vulnerability of WebSphere Application Server impacts JAX-WS
applications with WS-Security enabled. [severity:2/4; PM45181]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/WebSphere-AS-7-0-six-vulnerabilities-11658