Vigil@nce - WebSphere AS 7: three vulnerabilities
May 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a Cross Site Scripting, create a denial of service or obtain information via Websphere Application Server.
Creation date: 04/05/2010
DESCRIPTION OF THE VULNERABILITY
Three vulnerabilities were announced in Websphere Application Server 7.
An attacker can generate a Cross Site Scripting in the administration console. [severity:2/4; 57164, BID-39295, CVE-2010-0768, PK97376]
An attacker can generate a denial of service in the management of ORB threads. [severity:2/4; 57182, CVE-2010-0770, PK93653]
When J2CConnectionFactory is defined, KeyRingPassword is stored unencrypted in the resources.xml file. [severity:2/4; 57185, BID-39567, CVE-2010-0769, PK95089]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN