VID | 22426
Severity | 30
Port | 8880, ...
Protocol | TCP
Class | WWW

Detailed Description

The WebSphere Application Server is vulnerable to a cross-site scripting vulnerability related to the SOAP port. IBM WebSphere Application Server is a product within IBM's WebSphere suite. IBM WebSphere Application Server versions 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7 are vulnerable to a cross-site scripting vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp). This port is enabled on a default installation of WebSphere. A remote attacker could exploit this vulnerability to inject arbitrary web script, XML, or HTML via the URI, which is echoed back in a FAULTACTOR element on this page.

* References:
  * http://www-1.ibm.com/support/search.wss?rs=0&q=PK16602&apar=only
  * http://www.securityfocus.com/archive/1/450704/30/0/threaded
  * http://www.niscc.gov.uk/niscc/docs/br-20061031-00728.html?lang=en
  * http://www.frsirt.com/english/advisories/2006/1736
  * http://secunia.com/advisories/20032/
* Platforms Affected:
  * IBM WebSphere Application Server versions prior to 5.0.2.17
  * IBM WebSphere Application Server versions 5.1.x prior to 5.1.1.12
  * IBM WebSphere Application Server versions 6.0.x prior to 6.0.2.9
  * Any operating system
  * Any version

Recommendation

Apply the latest WebSphere Application Server Cumulative Fix Pack (5.0.2.17, 5.1.1.12, 6.0.2.9, or later), available from the IBM Support & downloads Web sites:

* For IBM WebSphere Application Server 6.0.2 - Apply Fix Pack 9 (6.0.2.9): http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064
* For IBM WebSphere Application Server 5.1.1 - Apply Cumulative Fix 12 (5.1.1.12): http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27004980
* For IBM WebSphere Application Server 5.0.2 - Apply Cumulative Fix 16 (5.0.2.17): http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24011773

Related URL | CVE-2006-2431 (CVE)
Related URL | 17919 (SecurityFocus)
Related URL | 26561 (ISS)