4.3

CVE-2007-5944

Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.  NOTE: this might be the same issue as CVE-2006-3918, but there are insufficient details to be sure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Application Server Version5.1.1.4
IbmWebsphere Application Server Version5.1.1.5
IbmWebsphere Application Server Version5.1.1.6
IbmWebsphere Application Server Version5.1.1.7
IbmWebsphere Application Server Version5.1.1.8
IbmWebsphere Application Server Version5.1.1.9
IbmWebsphere Application Server Version5.1.1.10
IbmWebsphere Application Server Version5.1.1.11
IbmWebsphere Application Server Version5.1.1.12
IbmWebsphere Application Server Version5.1.1.13
IbmWebsphere Application Server Version5.1.1.14
IbmWebsphere Application Server Version5.1.1.15
IbmWebsphere Application Server Version5.1.1.16
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.79% 0.754
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://osvdb.org/38700
http://secunia.com/advisories/27674
http://www-1.ibm.com/support/docview.wss?uid=swg1PK51068
http://www-1.ibm.com/support/docview.wss?uid=swg24017314
http://www.securityfocus.com/bid/26457
http://www.securitytracker.com/id?1018963
http://www.vupen.com/english/advisories/2007/3680