Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > October 2006 > NISCC Vulnerability Advisory 756460/NISCC/WEBSPHERE - Cross Site Scripting Vulnerability in IBM WebSphere

October 2006

NISCC Vulnerability Advisory 756460/NISCC/WEBSPHERE - Cross Site Scripting Vulnerability in IBM WebSphere

ID: 00728
Ref: 695/2006
Date: 31 October 2006:13:28:18
Version: 1
Title: NISCC Vulnerability Advisory 756460/NISCC/WEBSPHERE - Cross Site Scripting Vulnerability in IBM WebSphere
Abstract: The WebSphere Application Server is vulnerable to a XSS attack through a 'faultfactor' string in the 500 Internal Server Error page on port 8880. This port is enabled on a default installation of Websphere.
Vendors affected: Procheckup
Operating systems affected: Procheckup
Applications affected: Procheckup
Title
=====

NISCC Vulnerability Advisory 756460/NISCC/WEBSPHERE - Cross Site Scripting Vulnerability in
IBM WebSphere

Detail
======

The WebSphere Application Server is vulnerable to a XSS attack through a 'faultfactor'
string in the 500 Internal Server Error page on port 8880. This port is enabled on a default
installation of Websphere.


NISCC Vulnerability Advisory 756460/NISCC/WEBSPHERE

Cross Site Scripting Vulnerability in IBM WebSphere

Version Information
- -------------------
Advisory Reference 756460/NISCC/WEBSPHERE
Release Date 31 October 2006
Last Revision 27 October 2006
Version Number 1.0

Acknowledgement
- ---------------
These vulnerabilities were reported to NISCC by ProCheckup Ltd (http://www.procheckup.com).

What is affected?
- -----------------
The following products are affected:

- - WebSphere version 6.x and possibly earlier

Impact
- ------
If exploited, this vulnerability can potentially lead to remote code execution
on the client systems.

Severity
- --------
Medium

Summary
- -------
IBM WebSphere Application Server is a product within IBM's WebSphere suite. It is built using
open standards such as J2EE, XML, and Web Services. WebSphere Application Server works with a
number of Web servers including Apache HTTP Server and Microsoft Internet Information Services
(IIS).

A Cross Site Scription (XSS) attack has been identified by ProCheckup Ltd. This XSS flaw, if
successfully exploited, can lead to possible remote code execution on a client's system.

Details
- -------
The WebSphere Application Server is vulnerable to a XSS attack through a 'faultfactor' string
in the 500 Internal Server Error page on port 8880. This port is enabled on a default
installation of Websphere.

If exploited, this may allow the execution of malicious code in the browser of an
end-user who visits a malicious link on a server running a vulnerable version of
Websphere Application Server.

Solution
- --------
IBM has released patches to address this issue. They have tracked this vulnerability as
APAR PK16602.

The latest patches for Websphere are available from the WebSphere Support Site.

Vendor Information
- ------------------
IBM is a multinational computer technology corporation headquartered in Armonk, New York, USA.
Founded in 1888, IBM has offices in 75 countries with engineers and consultants in over 170
countries.

For more information about IBM, please visit http://www.ibm.com/

Credits
- -------
The NISCC Vulnerability Management Team would like to thank ProCheckup Ltd for reporting
these issues to NISCC. For more information regarding ProCheckup Ltd, please
visit http://www.procheckup.com.

The NISCC Vulnerability Management Team would also like to thank the IBM Websphere Team for
addressing these vulnerabilities.

Contact Information
- -------------------
The NISCC Vulnerability Management Team can be contacted as follows:

Email vulteam@niscc.gov.uk
Please quote the advisory reference in the subject line

Telephone +44 (0)870 487 0748 Ext 4511
Monday - Friday 08:30 - 17:00

Fax +44 (0)870 487 0749

Post Vulnerability Management Team
NISCC
PO Box 832
London
SW1P 1BG

We encourage those who wish to communicate via email to make use of our PGP key. This is
available from http://www.niscc.gov.uk/niscc/publicKey2-en.pop.

Please note that UK government protectively marked material should not be sent to the email
address above.

If you wish to be added to our email distribution list please email your request to
uniras@niscc.gov.uk.

What is NISCC?
- --------------
For further information regarding the UK National Infrastructure Security Co-ordination
Centre, please visit http://www.niscc.gov.uk.

Reference to any specific commercial product, process, or service by trade name, trademark
manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or
favouring by NISCC. The views and opinions of authors expressed within this notice shall not
be used for advertising or product endorsement purposes.

Neither shall NISCC accept responsibility for any errors or omissions contained within
this advisory. In particular, they shall not be liable for any loss or damage whatsoever,
arising from or in connection with the usage of information contained within this notice.

© 2006 Crown Copyright

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |