2 matches found
IBM WebSphere Application Server 'logoutExitPage' Parameter Security Bypass Vulnerability
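Bugtraq ID: 48710 CVE ID: CVE-2011-1355 IBM WebSphere Application Server is a commercial web application server. WebSphere Application Server does not properly validate the logoutExitPage parameter, allowing remote attackers to bypass security restrictions. An attacker can exploit this vulnerability to redirect to domains that should be blocked. IBM WebSphere Application Server 7.0 IBM WebSphere Application Server 6.1 Vendor solution: Users can refer to the following vendor security advisory for patch information:...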
CVE-2011-1355
CVE-2011-1355 affects IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19. The vulnerability is an open redirect via the logoutExitPage parameter, allowing remote attackers to redirect users to arbitrary sites and potentially enable phishing. Multiple connected sour...