The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of WebSphere AS 6.1: five vulnerabilities

Synthesis of the vulnerability 

An attacker can obtain information or generate a denial of service via WebSphere Application Server.
Impacted systems: WebSphere AS Traditional.
Severity of this alert: 2/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 21/06/2010.
Revision dates: 25/06/2010, 17/09/2010.
References of this alert: 59646, 59647, BID-41081, BID-41084, BID-41091, BID-41148, BID-41149, BID-43425, CERTA-2010-AVI-289, CVE-2010-0778, CVE-2010-0779, CVE-2010-0781, CVE-2010-1632, CVE-2010-2324, CVE-2010-2325, CVE-2010-2327, PM09250, PM10270, PM11778, PM11807, PM14765, PM14844, PM14847, swg21433581, VIGILANCE-VUL-9719, was-admincons-xss, was-admin-xss.

Description of the vulnerability 

Five vulnerabilities were announced in WebSphere Application Server.

An attacker can send a malformed message, in order to read a file or to generate a denial of service via JAX-WS/JAX-RS. [severity:2/4; CVE-2010-1632, PM14765, PM14844, PM14847, swg21433581]

An attacker can upload an SSL file larger than 2 GB, in order to create a denial of service. [severity:1/4; BID-41081, CVE-2010-2327, PM10270]

An attacker can generate a Cross Site Scripting in the administration console. [severity:2/4; 59647, BID-41084, BID-41149, CVE-2010-0779, CVE-2010-2324, PM09250, was-admin-xss]

An attacker can create a Cross Site Scripting and inject a URL in the administrative console. [severity:2/4; 59646, BID-41091, BID-41148, CERTA-2010-AVI-289, CVE-2010-0778, CVE-2010-2325, PM11778, was-admincons-xss]

An attacker can use a special URL, in order to overload the processor. [severity:2/4; BID-43425, CVE-2010-0781, PM11807]

This cybersecurity announcement impacts software or systems such as WebSphere AS Traditional.

Our Vigil@nce team determined that the severity of this threat alert is medium.

The trust level is of type confirmed by the editor, with an origin of internet client.

This bulletin is about 5 vulnerabilities.

An attacker with expert ability can exploit this computer weakness.

Solutions for this threat 

WebSphere AS: version 6.1.0.33.
Version 6.1.0.33 is corrected:
  http://www-01.ibm.com/support/docview.wss?uid=swg24027430