PROBLEM:
A vulnerability has been reported in IBM WebSphere Application Server.
PLATFORM:
IBM WebSphere Application Server 6.1.x
IBM WebSphere Application Server 7.0.x
IBM WebSphere Application Server 8.0.x
ABSTRACT:
The vulnerability is caused by missing access controls in the Application Snoop Servlet when handling requests and can be exploited to disclose request and client information.
Reference Links:
Secunia Advisory 49352
CVE-2012-2170
Vendor Advisory
IMPACT ASSESSMENT:
High
Discussion:
WebSphere Application Server Administration Console is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Administrative Console. A remote attacker could exploit this vulnerability using unspecified attack vectors to inject script in a victim's web browser within the security context of the hosting Web site.
Impact:
Exposure of sensitive information
Solution:
Apply APAR PM56183 or update to version 6.1.0.45, 7.0.0.23, or 8.0.0.4.
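Added example (not part of the original advisory or of IBM's tooling): Python code that triages a host inventory against the fix levels in the Solution above. The hostnames, sample versions and the `assess`/`triage` helpers are constructed for illustration, and the input is assumed to be a plain four-part version string per host.

```python
import re

# Fix-pack levels per release branch, taken from the Solution line above.
FIXED_LEVELS = {(6, 1): (6, 1, 0, 45), (7, 0): (7, 0, 0, 23), (8, 0): (8, 0, 0, 4)}
VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def assess(version):
    """Classify one WebSphere version string against the advisory's fix levels."""
    version = version.strip()
    if not VERSION_RE.match(version):
        return "unparseable"
    parts = tuple(int(p) for p in version.split("."))
    fixed = FIXED_LEVELS.get(parts[:2])
    if fixed is None:
        return "branch-not-listed"  # advisory names only 6.1.x, 7.0.x, 8.0.x
    if parts >= fixed:
        return "fixed"
    # Below the fix pack: the host may still carry APAR PM56183 as an
    # interim fix, which a version number alone cannot show.
    return "below-fix-level"


def triage(inventory):
    """Return {status: [hosts]} for a {host: version} inventory."""
    report = {}
    for host, version in sorted(inventory.items()):
        report.setdefault(assess(version), []).append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "was-a": "6.1.0.43",
    "was-b": "7.0.0.23",
    "was-c": "8.0.0.3",
    "was-d": "7.0.0.9",  # numeric compare: 9 < 23; a string compare gets this wrong
    "was-e": "8.5.0.0",
    "was-f": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `below-fix-level` need a follow-up check for APAR PM56183 before they are counted as exposed.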