A vulnerability has been discovered in IBM WebSphere that could be exploited by an attacker to carry out cross-site scripting attacks. The vulnerability is due to an error in the validation of the keyField, nameField, valueField, and frameReturn parameters in uddigui/navigateTree.do. An attacker could exploit this to execute arbitrary HTML and script code in the context of the browser by means of a specially crafted web page.
IBM has announced that this vulnerability will be fixed in the update WebSphere Application Server 6.1.0 fix pack 13 (6.1.0.13).
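As an added example (not code from IBM or Hispasec), the following check scans web server access logs for requests to the affected page in which any of the four named parameters carries HTML markup characters after URL decoding. The log format, the set of characters treated as suspicious and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Page and parameters named in the advisory (path compared case-insensitively).
WATCHED_PARAMS = ("keyField", "nameField", "valueField", "frameReturn")
TARGET_PATH = "/uddigui/navigatetree.do"
# Assumption: characters that let a value break out of an HTML or script context.
MARKUP_CHARS = re.compile(r"[<>\"'`]")
# Assumption: common/combined access-log format with a quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return {param: decoded value} for watched parameters carrying markup."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(TARGET_PATH):
        return {}
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    hits = {}
    for name in WATCHED_PARAMS:
        for value in query.get(name, []):
            if MARKUP_CHARS.search(value):
                hits[name] = value
    return hits

def scan(lines):
    """Yield (line_number, hits) for log lines that need review."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield number, hits

# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:01 +0000] "GET /uddigui/navigateTree.do?keyField=k1&nameField=n1 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2000:10:02:17 +0000] "GET /uddigui/navigateTree.do?keyField=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640',
    '192.0.2.44 - - [01/Jan/2000:10:02:30 +0000] "GET /uddigui/navigateTree.do?frameReturn=%22%3E%3Cb%3E HTTP/1.1" 200 640',
    '192.0.2.10 - - [01/Jan/2000:10:03:00 +0000] "GET /other/page.do?keyField=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

Parameters sent in a POST body do not appear in access logs, and double-encoded values are decoded only once here, so a clean result does not rule out attempts.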
More information:
PK50245: Validation needed for parameters that are passed to the navigatetree.do page in the uddi user console
http://www-1.ibm.com/support/docview.wss?uid=swg1PK50245
News source –> Hispasec.com
very interesting, but I don’t agree with you
Idetrorce
This is a news item extracted from a site dedicated to computer security. They are always suggesting simple measures to avoid attacks on computer systems.
XSS is an attack method that still continues to be practiced in different places of the world; the latest attack based on this method was made against the FBI website this month.
Thank you for stopping by my blog.
I hope to see your comments more often.
Greetings to you.