Vigil@nce: WebSphere AS 6.1, two vulnerabilities
November 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Websphere
Application Server.
– Severity: 2/4
– Creation date: 08/11/2010
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in Websphere Application Server.
An attacker can generate a Cross Site Scripting in the
administration console. [severity:2/4; 62947, BID-44670,
CVE-2010-0783, PM14251, was-admin-cons-xss]
An attacker can generate a Cross Site Request Forgery in the
administration console. [severity:2/4; 62949, BID-43875,
CVE-2010-0785, PM18909, was-admin-console-csrf]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WebSphere-AS-6-1-two-vulnerabilities-10113