header-logo
Suggest Exploit
vendor:
Websphere Edge Server
by:
Georgi Guninski
7.5
CVSS
HIGH
Insufficient sanitization of user-supplied input
79
CWE
Product Name: Websphere Edge Server
Affected Version From: 4.1.2000
Affected Version To: 4.1.0.2
Patch Exists: YES
Related CWE: CVE-2002-0206
CPE: a:ibm:websphere_edge_server:4.1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

A vulnerability in the Caching Proxy component bundled with the IBM Websphere Edge Server

Due to insufficient sanitization of user-supplied input it is possible for an attacker to construct a malicious link which contains arbitrary HTML and script code, which will be executed in the header of the website visited by the victim. Attacks of this nature may make it possible for attackers to steal cookie-based authentication credentials.

Mitigation:

Upgrade to IBM Websphere Edge Server 4.1.1.1 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6001/info

A vulnerability has been discovered in the Caching Proxy component bundled with the IBM Websphere Edge Server.

Due to insufficient sanitization of user-supplied input it is possible for an attacker to construct a malicious link which contains arbitrary HTML and script code, which will be executed in the header of the website visited by the victim.

Attacks of this nature may make it possible for attackers to steal cookie-based authentication credentials. 

GET /%0a%0dLocation:%20http://www.evil.com/"><img%20src="javascript:alert
(document.domain)">HTTP/1.0

Navigation

Suggest Exploit

Services By CQR