IBM WebSphere Application Server SOAP Connector Error Page XSS

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.

Synopsis :

The remote SOAP server is vulnerable to cross-site scripting.

Description :

The remote SOAP server fails to sanitize user input via the URI
before using it to generate dynamic XML content in an error page. An
unauthenticated, remote attacker may be able to leverage this issue to
inject arbitrary XML into a user's browser.

Solution :

Apply version 5.0.2 Cumulative Fix 17 / 5.1.1 Cumulative Fix 12 /
6.0.2 Fix Pack 9, depending on the installed version of IBM WebSphere
Application Server.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false

Family: CGI abuses : XSS

Nessus Plugin ID: 23649

Bugtraq ID: 17919

CVE ID: CVE-2006-2431
