IBM WebSphere Application Server Cross-Site Scripting Vulnerability
Data de publicação: 21 julho 2015
Schweregrad: : Medium
Identificador(es) CVE: : CVE-2009-2747
Data do informe: 21 julho 2015
Descrição
The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call.
Exposição das informações
Apply associated Trend Micro DPI Rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1000552
Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention
Software infectado e versão:
- IBM WebSphere Application Server 6.1.x