Test ID:	1.3.6.1.4.1.25623.1.0.801646
Category:	Web Servers
Title:	IBM WebSphere Application Server XSS and CSRF Vulnerabilities (Nov 2010)
Summary:	IBM WebSphere Application Server is prone to multiple; vulnerabilities.
Description:	Summary: IBM WebSphere Application Server is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - Cross-site scripting (XSS) in the administrative console due to improper filtering on input values - Input sanitation error in the administrative console can be exploited to conduct cross-site request forgery (CSRF) attacks. Vulnerability Impact: Successful exploitation will let attackers to conduct cross-site scripting and cross-site request forgery attacks. Affected Software/OS: IBM WebSphere Application Server versions 6.1.x prior to 6.1.0.35 and 7.0.x prior to 7.0.0.13. Solution: Update to version 6.1.0.35, 7.0.0.13 or later. CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0783 AIX APAR: PM14251 http://www-01.ibm.com/support/docview.wss?uid=swg1PM14251 http://www.osvdb.org/69007 http://securitytracker.com/id?1024686 http://secunia.com/advisories/41722 http://secunia.com/advisories/42136 XForce ISS Database: was-admin-cons-xss(62947) https://exchange.xforce.ibmcloud.com/vulnerabilities/62947 Common Vulnerability Exposure (CVE) ID: CVE-2010-0785 AIX APAR: PM18909 http://www-01.ibm.com/support/docview.wss?uid=swg1PM18909 AIX APAR: PM23874 http://www-01.ibm.com/support/docview.wss?uid=swg1PM23874 BugTraq ID: 43875 http://www.securityfocus.com/bid/43875 http://www.vupen.com/english/advisories/2010/2595 XForce ISS Database: was-admin-console-csrf(62949) https://exchange.xforce.ibmcloud.com/vulnerabilities/62949
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.