IBM WebSphere Application Server OAuth XSS Vulnerability Fixed by 7.0.0.41, 8.0.0.1 and 8.5.5.9


Description   A cross-site scripting vulnerability has been identified in IBM WebSphere Application Server, affecting any consumers of the OAuth provider output. A remote authenticated attacker could exploit it by enticing the victim into following a specially crafted URL in order to execute arbitrary HTML/JavaScript code.
     
Vulnerable Products   Vulnerable Software:
BigFix Inventory (Tivoli Asset Discovery for Distributed) (IBM) - 9.2
License Metric Tool (IBM) - 9.2
WebSphere Application Server (IBM) - 7.0, 7.0.0.1, 7.0.0.11, 7.0.0.12, 7.0.0.13, ..., 8.5.5.5, 8.5.5.6, 8.5.5.7, 8.5.5.8, 8.5.x.x
     
Solution   IBM has released version 9.2.6 of the products License Metric Tool and BigFix Inventory in order to fix this vulnerability.
     
CVE   CVE-2015-7417
     
References   - IBM Security Bulletin: Cross-site scripting vulnerability in IBM WebSphere Application Server (CVE-2015-7417)
  http://www-304.ibm.com/support/docview.wss?uid=swg21974520
- IBM Security Bulletin: A security vulnerabilities has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 and IBM BigFix Inventory v9
  http://www-01.ibm.com/support/docview.wss?uid=swg21994916
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm | Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'div' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'a' tag found in URL | 3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'form' tag found in URL | 3.2.0
XSS - Prevention - GET : javascript code found in URL | 3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'link' tag found in URL | 3.2.0
XSS - Prevention - GET : 'script' tag found in URL | 3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL | 3.2.0
Risk level   Moderate

Vulnerability First Public Report Date   2016-01-19

Target Type   Server

Possible exploit   Remote