JVNDB-2013-000004
|
WebSphere Application Server (WAS) vulnerable to cross-site scripting
|
WebSphere Application Server (WAS) provided by IBM contains a cross-site scripting vulnerability.
WebSphere Application Server (WAS) provided by IBM contains a vulnerability in SnoopServlet that may result in cross-site scripting.
Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
|
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
IBM Corporation
- IBM WebSphere Application Server versions prior to 6.0.2.21
- IBM WebSphere Application Server versions prior to 6.1.0.9
|
|
An arbitrary script may be executed on the user's web browser.
|
[Apply a patch]
Apply the patch according to the information provided by the developer.
According to the developer, this issue was resolved for WAS 6.0.2.21 and WAS 6.1.0.9 in 2007.
WAS 6.0.2.21 is no longer supported, and the End of Support for WAS 6.1.0.9 is scheduled for September 30, 2013.
|
IBM Corporation
|
- Cross-site Scripting (CWE-79) [IPA Evaluation]
|
|
- JVN : JVN#24343509
|
- [2013/01/25]
Web page was published
|