IBM WebSphere Application Server Cross-Site Scripting Vulnerability
Publish date: 21 de julio de 2015
Gravedad: Medio
Identificadores de CVE : CVE-2009-2747
Fecha recomendada: 21 de julio de 2015
Descripción
The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1000552
Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention
Software y versión afectados
- IBM WebSphere Application Server 6.1.x