Intrusion Prevention

IBM.WebSphere.AS.Webcontainer.XSS

Description

This indicates an attempt to exploit a cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server.
The vulnerability results from the application's failure to properly sanitize certain HTTP headers. As a result, a remote attacker can send a crafted query to inject arbitrary script or HTML via the HTTP header.

Affected Products

IBM WebSphere Application Server 5.1.1.9
IBM WebSphere Application Server 5.1.1.8
IBM WebSphere Application Server 5.1.1.7
IBM WebSphere Application Server 5.1.1.6
IBM WebSphere Application Server 5.1.1.5
IBM WebSphere Application Server 5.1.1.4
IBM WebSphere Application Server 5.1.1.16
IBM WebSphere Application Server 5.1.1.15
IBM WebSphere Application Server 5.1.1.14
IBM WebSphere Application Server 5.1.1.13
IBM WebSphere Application Server 5.1.1.12
IBM WebSphere Application Server 5.1.1.11
IBM WebSphere Application Server 5.1.1.10

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www-01.ibm.com/software/websphere/

CVE References

CVE-2007-5944