IBM WebSphere Application Server for z/OS Multiple Vulnerabilities
Schweregrad:: Mittel
CVE Kennungen:: CVE-2009-0855,CVE-2009-1173
Hinweisdatum: 21 Juli 2015
Beschreibung
IBM WebSphere Application Server (WAS) for z/OS is prone to a cross-site scripting issue and a file-permission security issue.
An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
The attacker can exploit the file-permission issue to gain write access to certain files, which could affect system integrity and lead to other attacks.
These issues affect WAS 7.0 for z/OS.
Trend Micro Lösungen
Apply associated Trend Micro DPI Rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1000552
Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention
Betroffene Software und Version:
- IBM Websphere Application Server 7.0