OSVDB ID: 38700

Title: IBM WebSphere Application Server (WAS) WebContainer Expect HTTP Header XSS

Info

Disclosure

Nov 15, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.

Products

Unknown or Incomplete

References

Security Tracker: 1018963
CVE ID: 2007-5944 (see also: NVD)
Bugtraq ID: 26457
Secunia Advisory ID: 27674
SCIP VulDB ID: 3465
VUPEN Advisory: ADV-2007-3680
Mail List Post: http://attrition.org/pipermail/vim/2007-November/001847.html
http://attrition.org/pipermail/vim/2007-November/001849.html
http://attrition.org/pipermail/vim/2007-November/001850.html
Other Advisory URL: http://www-1.ibm.com/support/docview.wss?uid=swg1PK51068
Vendor Specific News/Changelog Entry: http://www-1.ibm.com/support/docview.wss?uid=swg24017314

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/38700