IBM WebSphere Application Server is an enterprise web application server.

The UDDI user console in IBM WebSphere Application Server does not filter user-supplied input, so a remote attacker can exploit the vulnerability to execute arbitrary script code and steal sensitive cookie information.

The problem is that the eyField, nameField, valueField and frameReturn parameters passed to the uddigui/navigateTree.do page are not filtered; submitting malicious script code as parameter data can lead to disclosure of sensitive information or execution of arbitrary code.

Affected versions:

IBM WebSphere Application Server 6.1 .7
IBM WebSphere Application Server 6.1 .6
IBM WebSphere Application Server 6.1 .5
IBM WebSphere Application Server 6.1 .3
IBM WebSphere Application Server 6.1 .1
IBM WebSphere Application Server 6.1
IBM WebSphere Application Server 6.0.2 .9
IBM WebSphere Application Server 6.0.2 .7
IBM WebSphere Application Server 6.0.2 .5
IBM WebSphere Application Server 6.0.2 .3
IBM WebSphere Application Server 6.0.2 .23
IBM WebSphere Application Server 6.0.2 .22
IBM WebSphere Application Server 6.0.2 .13
IBM WebSphere Application Server 6.0.2 .11
IBM WebSphere Application Server 6.0.2 .1
IBM WebSphere Application Server 6.0.2
IBM WebSphere Application Server 6.0.1
IBM WebSphere Application Server 6.0
IBM WebSphere Application Server 6.0.2.19
IBM WebSphere Application Server 6.0.2 Fix Pack 17

Vendor solution

Refer to the following security advisory for patch information: <a href="http://www-1.ibm.com/support/docview.wss?uid=swg1PK50245" target="_blank">http://www-1.ibm.com/support/docview.wss?uid=swg1PK50245</a>
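
Until the patch is applied, web server access logs can be reviewed for requests to the affected page that carry markup in a query parameter. The following is an added example, not part of the original advisory or any IBM tooling; it assumes common/combined log format, uses constructed sample lines, and checks every query parameter of the page rather than only the four the advisory names.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

TARGET_PATH = "/uddigui/navigatetree.do"  # page named in the advisory, lowercased
MARKUP = re.compile(r"[<>\"'`]")  # characters that can break out of HTML text/attributes
# Request field of a common/combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /uddigui/navigateTree.do?nameField=businessName&valueField=Acme HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2008:10:00:05 +0000] "GET /uddigui/navigateTree.do?nameField=%3Cb%3Etest&frameReturn=top HTTP/1.1" 200 5301',
    '192.0.2.44 - - [01/Jan/2008:10:00:09 +0000] "GET /uddigui/navigateTree.do;jsessionid=ABC?valueField=%2522%253E HTTP/1.1" 200 5290',
    '192.0.2.10 - - [01/Jan/2008:10:00:12 +0000] "GET /index.jsp?q=%3Cb%3E HTTP/1.1" 200 100',
]

def decode_fully(value, rounds=3):
    """Undo up to `rounds` extra layers of URL encoding (%253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return sorted names of query parameters on the UDDI page that carry markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    # Drop a ";jsessionid=..." path parameter before comparing the path.
    path = url.path.split(";")[0].lower()
    if not path.endswith(TARGET_PATH):
        return []
    hits = set()
    # parse_qsl removes one layer of encoding; decode_fully removes any others.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if MARKUP.search(decode_fully(value)):
            hits.add(name)
    return sorted(hits)

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        flagged = suspicious_params(line)
        if flagged:
            print(flagged, line)
```

Access logs record only the query string, so parameters sent in a POST body need request-body logging or WAF telemetry to be covered by the same check.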