Vigil@nce: WebSphere AS 6.1.0, several vulnerabilities
March 2009 by Vigil@nce
Several vulnerabilities of WebSphere AS can be used to attack the
service.
– Gravity: 2/4
– Consequences: client access/rights
– Provenance: internet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 2
– Creation date: 06/03/2009
IMPACTED PRODUCTS
– IBM WebSphere Application Server
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in WebSphere Application
Server.
An attacker can create a Cross Site Scripting in application
examples provided with WebSphere. [grav:1/4; PK76720]
An attacker can create a Cross Site Scripting in the
administrative console. [grav:2/4; PK77505]
CHARACTERISTICS
– Identifiers: BID-34001, PK76720, PK77505, PK81212,
VIGILANCE-VUL-8515
– Url: http://vigilance.fr/vulnerability/WebSphere-AS-6-1-0-several-vulnerabilities-8515