
XML External Entity Information Disclosure Vulnerability in IBM WebSphere

 

Systems Affected


• IBM WebSphere Lombardi Edition Version 7.2

Threat Level


Medium


Overview


An information disclosure vulnerability has been reported in IBM WebSphere which could allow a remote attacker to gain sensitive information by executing specially crafted XML data.


Description


Insufficient input validation exists in callService.do when it processes XML entities in URL parameters supplied as service inputs.

A remote attacker could exploit this issue by triggering an XML External Entity (XXE) error (a service failure error) while XML data is being processed, and so obtain sensitive information on the target system.
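A generic way to close this class of issue at the input boundary, shown as an added example (not IBM's code and not part of the original advisory): parse XML service inputs with a parser that refuses any DOCTYPE or entity declaration. The function name and both sample inputs are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXML(ValueError):
    """Raised when a service input is malformed or carries a DTD."""


def parse_service_input(xml_text: str) -> ET.Element:
    """Parse XML supplied as a service input, refusing any DTD.

    External entities can only be declared inside a DOCTYPE, so rejecting
    the DOCTYPE closes the XXE path before anything is resolved.
    """
    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML(f"DOCTYPE declaration not allowed (root={name!r})")

    def reject_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXML(f"entity declaration not allowed ({name!r})")

    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity  # defence in depth
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    try:
        parser.Parse(xml_text, True)
    except expat.ExpatError as exc:
        # Return a fixed, generic failure; do not echo parser internals.
        raise UnsafeXML("malformed XML") from exc
    return builder.close()


# Constructed sample inputs (not taken from the advisory).
BENIGN = "<input><name>orderId</name><value>42</value></input>"
WITH_DTD = (
    '<!DOCTYPE input [<!ENTITY ext SYSTEM "http://example.invalid/x">]>'
    "<input><name>&ext;</name></input>"
)

if __name__ == "__main__":
    print(parse_service_input(BENIGN).findtext("name"))
    try:
        parse_service_input(WITH_DTD)
    except UnsafeXML as err:
        print("rejected:", err)
```

Because the disclosure described above happens through an error path, the caller should return a fixed failure message for `UnsafeXML` rather than the underlying exception text.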


Impact



Solution/ Workarounds


  ✻  Update to the latest version of Mozilla Firefox on Windows, Linux and Mac.


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.