IBM WebSphere Application Server Eclipse Help Cross-Site Scripting Vulnerability

2009-09-21T00:00:00
ID SSV:12358
Type seebug
Reporter Root
Modified 2009-09-21T00:00:00

Description

Bugtraq ID: 36455 CVE ID: CVE-2009-2742

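IBM WebSphere Application Server is a commercial web application server. The Eclipse Help component included in IBM WebSphere Application Server does not properly validate user-supplied input. A remote attacker can exploit this with a specially crafted URL: if a user is enticed into clicking it, arbitrary script code executes in the target user's browser. No detailed vulnerability information is currently available.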

IBM WebSphere Application Server 6.1 25
IBM WebSphere Application Server 6.1 23
IBM WebSphere Application Server 6.1 22
IBM WebSphere Application Server 6.1 21
IBM WebSphere Application Server 6.1 20
IBM WebSphere Application Server 6.1 19
IBM WebSphere Application Server 6.1 18
IBM WebSphere Application Server 6.1 17
IBM WebSphere Application Server 6.1 15
IBM WebSphere Application Server 6.1 13
IBM WebSphere Application Server 6.1 12
IBM WebSphere Application Server 6.1 10
IBM WebSphere Application Server 6.1 .9
IBM WebSphere Application Server 6.1 .7
IBM WebSphere Application Server 6.1 .6
IBM WebSphere Application Server 6.1 .5
IBM WebSphere Application Server 6.1 .3
IBM WebSphere Application Server 6.1 .2
IBM WebSphere Application Server 6.1 .14
IBM WebSphere Application Server 6.1 .1
IBM WebSphere Application Server 6.1

Users can contact the vendor to download and apply the Fix Pack (6.1.0.27 or later) or the APAR PK78917 patch: http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27004980