Vigil@nce - WebSphere AS 6.1: four vulnerabilities
June 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can obtain information or generate a denial of service
via Websphere Application Server.
Severity: 2/4
Creation date: 21/06/2010
Revision date: 25/06/2010
DESCRIPTION OF THE VULNERABILITY
Four vulnerabilities were announced in Websphere Application
Server.
An attacker can send a malformed message, in order to read a file
or to generate a denial of service via JAX-WS/JAX-RS.
[severity:2/4; CVE-2010-1632, PM14847]
An attacker can upload a SSL file larger than 2Go, in order to
create a denial of service. [severity:1/4; BID-41081,
CVE-2010-2327, PM10270]
An attacker can generate a Cross Site Scripting in the
administration console. [severity:2/4; 59647, BID-41084,
BID-41149, CVE-2010-0779, CVE-2010-2324, PM09250, was-admin-xss]
An attacker can create a Cross Site Scripting and inject an url,
in the administrative console. [severity:2/4; 59646, BID-41091,
BID-41148, CVE-2010-0778, CVE-2010-2325, PM11778,
was-admincons-xss]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WebSphere-AS-6-1-four-vulnerabilities-9719