Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - WebSphere AS 7: three vulnerabilities

May 2010 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

An attacker can generate a Cross Site Scripting, create a denial of service or obtain information via Websphere Application Server.

Severity: 2/4

Creation date: 04/05/2010

DESCRIPTION OF THE VULNERABILITY

Three vulnerabilities were announced in Websphere Application Server 7.

An attacker can generate a Cross Site Scripting in the administration console. [severity:2/4; 57164, BID-39295, CVE-2010-0768, PK97376]

An attacker can generate a denial of service in the management of ORB threads. [severity:2/4; 57182, CVE-2010-0770, PK93653]

When J2CConnectionFactory is defined, KeyRingPassword is stored unencrypted in the resources.xml file. [severity:2/4; 57185, BID-39567, CVE-2010-0769, PK95089]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/W...




See previous articles

    

See next articles