Vigil@nce - WebSphere AS 7: three vulnerabilities
May 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a Cross Site Scripting, create a denial
of service or obtain information via Websphere Application Server.
Severity: 2/4
Creation date: 04/05/2010
DESCRIPTION OF THE VULNERABILITY
Three vulnerabilities were announced in Websphere Application
Server 7.
An attacker can generate a Cross Site Scripting in the
administration console. [severity:2/4; 57164, BID-39295,
CVE-2010-0768, PK97376]
An attacker can generate a denial of service in the management of
ORB threads. [severity:2/4; 57182, CVE-2010-0770, PK93653]
When J2CConnectionFactory is defined, KeyRingPassword is stored
unencrypted in the resources.xml file. [severity:2/4; 57185,
BID-39567, CVE-2010-0769, PK95089]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WebSphere-AS-7-three-vulnerabilities-9624