IBM WebSphere Application Server 7.0 < / 8.0 < / 8.5 < OAuth Provider XSS

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote web application server is affected by an XSS vulnerability.

Description :

The IBM WebSphere Application Server running on the remote host is
version 7.0 prior to, 8.0 prior to, or 8.5 prior to. It is, therefore,
potentially affected by a reflected cross-site scripting (XSS)
vulnerability due to a failure to properly validate output from the
OAuth provider before returning it to users. An authenticated, remote
attacker can exploit this, via a specially crafted URL, to execute
arbitrary script code in a user's browser session within the security
context of the hosting website.

See also :

Solution :

Apply IBM WebSphere Application Server version 7.0 Fix Pack 41 /
8.0 Fix Pack 12 / 8.5 Fix Pack 9 or later. Alternatively, apply the
appropriate Interim Fixes as recommended in the vendor advisory.

Risk factor :

Low / CVSS Base Score : 3.5
CVSS Temporal Score : 2.9
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 90316

Bugtraq ID: 81738

CVE ID: CVE-2015-7417
