Cross-Site Scripting Vulnerability in IBM WebSphere Edge Server
CVE-2008-0717

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Edge Server
Vendor: CVE Published:; 12 February 2008

Summary

The Caching Proxy (CP) component of IBM WebSphere Edge Server versions 5.1 through 6.1 is susceptible to a cross-site scripting (XSS) vulnerability. When CGI mapping rules are enabled, an attacker can exploit this flaw to inject arbitrary web scripts or HTML into the application. This can occur through unspecified vectors that trigger the injection into error responses, allowing a remote attacker to manipulate the web content served to users, potentially leading to phishing attacks or the execution of malicious scripts.

References

http://www.vupen.com/english/advisories/2008/0446

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/27665

vdb-entryx_refsource_BID

http://www-1.ibm.com/support/docview.wss?uid=swg21294776

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 12, 2008
Vulnerability Reserved
Feb 11, 2008