WebSphere UDDI Console Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 4273

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running a WebSphere server.
This version is reported to be vulnerable to a number of flaws in its UDDI Console. The flaws stem from the application's failure to properly parse user-supplied input to the 'uddigui/navigateTree.do' Java program. Exploitation requires that the attacker convince a user to browse a malicious URI. A successful attack results in the attacker executing script code within the client browser.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www-1.ibm.com/support/docview.wss?uid=swg1PK50245

Plugin Details

Severity: Medium

ID: 4273

Family: Web Servers

Published: 10/31/2007

Updated: 3/6/2019

Nessus ID: 27803, 45423

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Reference Information

CVE: CVE-2007-5798, CVE-2007-5799

BID: 26276