Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5799

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-5799
Last Modified 15 Nov 2008 02:02:15
Published 02 Nov 2007 08:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5799

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.

Vulnerable Systems

Application

  • Ibm Websphere Application Server 6.1.0.12


References

XF - websphere-navigatetree-csrf(38179)

AIXAPAR - PK50245

SECUNIA - 27448

OSVDB - 41619

SECTRACK - 1018884

BID - 26276


Last Updated: 27 May 2016 10:46:16