Family: CGI abuses : XSS --> Category: attack
IBM WebSphere Application Server SOAP Connector Cross-Site Scripting Vulnerability Vulnerability Scan
Vulnerability Scan Summary : Checks for an XSS flaw in WebSphere Application Server's SOAP Connector
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote SOAP server is vulnerable to a cross-site scripting attack.
Description :
The remote SOAP server fails to sanitize user input via the URI before
using it to generate dynamic XML content in an error page. An
unauthenticated remote attacker may be able to leverage this issue to
inject arbitrary XML into a user's browser.
See also :
http://www.securityfocus.com/archive/1/450704/30/0/threaded
http://www.niscc.gov.uk/niscc/docs/br-20061031-00728.html?lang=en
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16602&apar=only
Solution :
Apply version 5.0.2 Cumulative Fix 17 / 5.1.1 Cumulative Fix 12 /
6.0.2 Fix Pack 9, depending on the installed version of IBM WebSphere
Application Server.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)