IBM WebSphere Application Server UDDI Console Multiple Input Validation Vulnerabilities
BID:26276
Info
IBM WebSphere Application Server UDDI Console Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 26276 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-5798 CVE-2007-5799 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 31 2007 12:00AM |
| Updated: | Jul 06 2016 02:17PM |
| Credit: | The vendor disclosed these vulnerabilities. |
| Vulnerable: |
IBM Websphere Application Server 6.1 .9 IBM Websphere Application Server 6.1 .8 IBM Websphere Application Server 6.1 .7 IBM Websphere Application Server 6.1 .6 IBM Websphere Application Server 6.1 .5 IBM Websphere Application Server 6.1 .4 IBM Websphere Application Server 6.1 .3 IBM Websphere Application Server 6.1 .2 IBM Websphere Application Server 6.1 .12 IBM Websphere Application Server 6.1 .11 IBM Websphere Application Server 6.1 .1 IBM Websphere Application Server 6.1 IBM Websphere Application Server 6.0.2 .9 IBM Websphere Application Server 6.0.2 .7 IBM Websphere Application Server 6.0.2 .5 IBM Websphere Application Server 6.0.2 .3 IBM Websphere Application Server 6.0.2 .23 IBM Websphere Application Server 6.0.2 .22 IBM Websphere Application Server 6.0.2 .21 IBM Websphere Application Server 6.0.2 .17 IBM Websphere Application Server 6.0.2 .15 IBM Websphere Application Server 6.0.2 .13 IBM Websphere Application Server 6.0.2 .11 IBM Websphere Application Server 6.0.2 .1 IBM Websphere Application Server 6.0.2 IBM Websphere Application Server 6.0.1 IBM Websphere Application Server 6.0 IBM Websphere Application Server 6.0.2.19 IBM Websphere Application Server 6.0.2 Fix Pack 17 |
| Not Vulnerable: |
IBM Websphere Application Server 6.1 .13 |
Discussion
IBM WebSphere Application Server UDDI Console Multiple Input Validation Vulnerabilities
WebSphere Application Server is prone to multiple cross-site request-forgery and cross-site scripting vulnerabilities.
Attackers can exploit these issues to steal cookie-based authentication credentials, execute arbitrary script code, and use a victim's currently active session to perform actions with the application.
WebSphere Application Server 6.0 and 6.1 are vulnerable; other versions may also be affected.
WebSphere Application Server is prone to multiple cross-site request-forgery and cross-site scripting vulnerabilities.
Attackers can exploit these issues to steal cookie-based authentication credentials, execute arbitrary script code, and use a victim's currently active session to perform actions with the application.
WebSphere Application Server 6.0 and 6.1 are vulnerable; other versions may also be affected.
Exploit / POC
IBM WebSphere Application Server UDDI Console Multiple Input Validation Vulnerabilities
To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.
To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
IBM WebSphere Application Server UDDI Console Multiple Input Validation Vulnerabilities
Solution:
Vendor updates are available. Contact the vendor for more information.
Solution:
Vendor updates are available. Contact the vendor for more information.
References
IBM WebSphere Application Server UDDI Console Multiple Input Validation Vulnerabilities
References:
References: