Web Servers : IBM WebSphere Application Server XSS Vulnerability (Jul 2010)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.902213

Category: Web Servers

Title: IBM WebSphere Application Server XSS Vulnerability (Jul 2010)

Summary: IBM WebSphere Application Server is prone to a cross-site; scripting (XSS) vulnerability.

Description: Summary:
IBM WebSphere Application Server is prone to a cross-site
scripting (XSS) vulnerability.

Vulnerability Insight:
The flaw is due to an error in the Administration Console,
which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected Software/OS:
IBM WebSphere Application Server version 6.0.x prior to
6.0.2.43, 6.1.x prior to 6.1.0.33 and 7.0.x prior to 7.0.0.11.

Solution:
Update to version 6.0.2.43, 6.1.0.33, 7.0.0.11 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-0778
AIX APAR: PM11778
http://www-1.ibm.com/support/docview.wss?uid=swg1PM11778
XForce ISS Database: was-admincons-xss(59646)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59646
Common Vulnerability Exposure (CVE) ID: CVE-2010-0779
AIX APAR: PM09250
http://www-1.ibm.com/support/docview.wss?uid=swg1PM09250
XForce ISS Database: was-admin-xss(59647)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59647

Copyright Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.902213
Category:	Web Servers
Title:	IBM WebSphere Application Server XSS Vulnerability (Jul 2010)
Summary:	IBM WebSphere Application Server is prone to a cross-site; scripting (XSS) vulnerability.
Description:	Summary: IBM WebSphere Application Server is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to an error in the Administration Console, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected Software/OS: IBM WebSphere Application Server version 6.0.x prior to 6.0.2.43, 6.1.x prior to 6.1.0.33 and 7.0.x prior to 7.0.0.11. Solution: Update to version 6.0.2.43, 6.1.0.33, 7.0.0.11 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0778 AIX APAR: PM11778 http://www-1.ibm.com/support/docview.wss?uid=swg1PM11778 XForce ISS Database: was-admincons-xss(59646) https://exchange.xforce.ibmcloud.com/vulnerabilities/59646 Common Vulnerability Exposure (CVE) ID: CVE-2010-0779 AIX APAR: PM09250 http://www-1.ibm.com/support/docview.wss?uid=swg1PM09250 XForce ISS Database: was-admin-xss(59647) https://exchange.xforce.ibmcloud.com/vulnerabilities/59647
Copyright	Copyright (C) 2010 Greenbone AG