IBM WebSphere Application Server 7.0 < 7.0.0.45 / 8.0 < 8.0.0.14 / 8.5 < 8.5.5.12 / 9.0 < 9.0.0.5 Unspecified XSS (PI82078)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote web application server is affected by a cross-site
scripting vulnerability.

Description :

The version of IBM WebSphere Application Server running on the remote
host is 7.0 prior to 7.0.0.45, 8.0 prior to 8.0.0.14, 8.5 prior to
8.5.5.12, or 9.0 prior to 9.0.0.5. It is, therefore, affected by a
cross-site scripting flaw because the Admin Console does not validate
unspecified input before returning it to users. A remote attacker can
exploit this by convincing a user to follow a specially crafted
request, causing arbitrary script code to execute in that user's
browser session within the trust relationship between the browser and
the server. Because the affected component is the Admin Console, the
victim is typically an authenticated WebSphere administrator, so the
injected script runs with that administrator's session.

Note that this check is version-based: it reports the installed fix
pack level and cannot see whether Interim Fix PI82078 has been applied
on top of an otherwise vulnerable fix pack.
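The affected-version logic this plugin applies, written out as an added example (this is not Tenable's NASL plugin code). It compares a WebSphere version string against the four "prior to" thresholds stated above, one per release branch, and treats branches the advisory does not list as out of scope. The version strings in the usage section are constructed for illustration.

```python
"""Affected-version check for CVE-2017-1380 / PI82078 (added example).

The thresholds are the "prior to" versions stated in the advisory text.
A version is affected when it sits on a listed branch and is strictly
lower than that branch's first fixed fix pack.
"""

# branch -> first fixed version, exactly as the advisory lists them
FIXED_VERSIONS = {
    "7.0": (7, 0, 0, 45),
    "8.0": (8, 0, 0, 14),
    "8.5": (8, 5, 5, 12),
    "9.0": (9, 0, 0, 5),
}


def parse_version(version: str) -> tuple:
    """Turn '8.5.5.11' into (8, 5, 5, 11) for tuple comparison.

    Missing trailing components are padded with 0 so that '8.5' compares
    as 8.5.0.0, which is the lowest version on that branch. Anything that
    is not dot-separated integers is rejected rather than guessed at.
    """
    parts = [p for p in version.strip().split(".") if p]
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised WebSphere version string: {version!r}")
    nums = [int(p) for p in parts]
    while len(nums) < 4:
        nums.append(0)
    return tuple(nums[:4])


def branch_of(version: str) -> str:
    """Return the 'major.minor' release branch, e.g. '8.5' for 8.5.5.11."""
    major, minor, _, _ = parse_version(version)
    return f"{major}.{minor}"


def required_fix(version: str):
    """Return the first fixed version string for this branch, or None when
    the branch is not covered by the advisory (e.g. 6.1)."""
    fixed = FIXED_VERSIONS.get(branch_of(version))
    if fixed is None:
        return None
    return ".".join(str(n) for n in fixed)


def is_affected(version: str) -> bool:
    """True when `version` is below its branch's first fixed fix pack.

    Versions on branches the advisory does not mention are reported as not
    affected; that is 'not in scope', not a statement that they are safe.
    """
    fixed = FIXED_VERSIONS.get(branch_of(version))
    if fixed is None:
        return False
    return parse_version(version) < fixed


if __name__ == "__main__":
    # Constructed sample inputs, not values observed on any host.
    for v in ("8.5.5.11", "8.5.5.12", "8.5", "7.0.0.44", "9.0.0.5", "6.1.0.47"):
        status = "AFFECTED" if is_affected(v) else "not affected"
        print(f"{v:>10}: {status} (fix: {required_fix(v)})")
```

The check is deliberately strict on the branch: 8.5.0.x is compared against 8.5.5.12, matching the advisory's "8.5 prior to 8.5.5.12". A version string alone cannot tell you whether Interim Fix PI82078 is present, so on a host that reports an affected fix pack, confirm the installed interim fixes with WebSphere's versionInfo tool before concluding it is exposed.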

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg22004786

Solution :

Apply IBM WebSphere Application Server 7.0 Fix Pack 45 (7.0.0.45;
targeted availability 2Q 2018), 8.0 Fix Pack 14 (8.0.0.14; targeted
availability 16 October 2017), 8.5 Fix Pack 12 (8.5.5.12), or 9.0 Fix
Pack 5 (9.0.0.5; targeted availability 29 September 2017), or later.
Alternatively, apply the appropriate Interim Fix PI82078 as recommended
in the vendor advisory. Fix packs listed with a targeted availability
date had not yet shipped when this advisory was published, so on those
branches the interim fix is the remediation available in the meantime.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 102199

Bugtraq ID: 99961

CVE ID: CVE-2017-1380
