XML External Entity Information Disclosure Vulnerability in IBM WebSphere

 

Systems Affected


• IBM WebSphere Lombardi Edition Version 7.2

Threat Level


Medium


Overview


An information disclosure vulnerability has been reported in IBM WebSphere which could allow a remote attacker to gain sensitive information by submitting specially crafted XML data.


Description


Insufficient input validation exists in callService.do when processing URL parameters in an XML entity as service inputs.

A remote attacker could exploit this issue by triggering an XML External Entity (XXE) error (service failure error) while XML data is being processed, in order to obtain sensitive information on the target system.
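
One way to triage web access logs for requests that match this description, as an added example that is not part of the advisory or of IBM's code: it decodes the URL parameters of requests to callService.do and flags values carrying a DTD or external entity declaration. The common/combined log format, the /app path prefix, the parameter names and all sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, quote, unquote_plus, urlsplit

# A DTD or entity declaration inside a decoded parameter value.
DTD_MARKER = re.compile(r"<!\s*(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)
# SYSTEM/PUBLIC identifiers are what make an entity or DTD external.
EXTERNAL_ID = re.compile(r"\b(?:SYSTEM|PUBLIC)\b", re.IGNORECASE)
# Request line of a common/combined-format access-log entry.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding (bounded) so double-encoded markup is visible."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_line(line):
    """Return (parameter, reason) findings for one access-log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    url = urlsplit(match.group("target"))
    if not url.path.lower().endswith("/callservice.do"):
        return []  # only the endpoint named in the advisory is in scope
    findings = []
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        value = decode_fully(raw)
        if DTD_MARKER.search(value):
            external = EXTERNAL_ID.search(value)
            findings.append((name, "external entity" if external else "inline DTD"))
    return findings

# Constructed sample data: the path prefix, parameter names and values are hypothetical.
_EXT = '<!DOCTYPE d [<!ENTITY e SYSTEM "PLACEHOLDER-URI">]>'
_INT = '<!DOCTYPE d [<!ENTITY e "text">]>'
_FMT = '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET {} HTTP/1.1" 500 312'
SAMPLE_LOG = [
    _FMT.format("/app/callService.do?orderId=1234"),
    _FMT.format("/app/callService.do?input=" + quote(_EXT, safe="")),
    _FMT.format("/app/callService.do?input=" + quote(quote(_EXT, safe=""), safe="")),
    _FMT.format("/app/callService.do?input=" + quote(_INT, safe="")),
    _FMT.format("/app/other.do?input=" + quote(_EXT, safe="")),
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(inspect_line(entry))
```

The check only sees parameters recorded in the request line, so request bodies need a separate source such as proxy or application logs.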


Impact



Solution/Workarounds


Apply the appropriate patches as mentioned in the IBM Security Bulletin:

http://www-01.ibm.com/support/docview.wss?uid=swg1JR50616


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.