IBM WebSphere Application Server CVE-2017-1194 Cross Site Request Forgery Vulnerability



IBM WebSphere Application Server is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

Information

Bugtraq ID: 98142
Class: Design Error
CVE: CVE-2017-1194

Remote: Yes
Local: No
Published: Apr 26 2017 12:00AM
Updated: May 02 2017 03:05PM
Credit: IBM
Vulnerable: IBM WebSphere Application Server Liberty Profile 0
IBM Websphere Application Server 8.5.5
IBM Websphere Application Server 8.0 2
IBM Websphere Application Server 7.0 3
IBM Websphere Application Server 7.0 29
IBM Websphere Application Server 7.0 21
IBM Websphere Application Server 7.0 10
IBM Websphere Application Server 7.0 .9
IBM Websphere Application Server 7.0 .8
IBM Websphere Application Server 7.0 .2
IBM Websphere Application Server 7.0 .13
IBM Websphere Application Server 7.0 .12
IBM Websphere Application Server 7.0 .11
IBM Websphere Application Server 9.0.0.2
IBM Websphere Application Server 9.0.0.1
IBM Websphere Application Server 9.0.0.0
IBM Websphere Application Server 8.5.5.9
IBM Websphere Application Server 8.5.5.8
IBM Websphere Application Server 8.5.5.7
IBM Websphere Application Server 8.5.5.6
IBM Websphere Application Server 8.5.5.5
IBM Websphere Application Server 8.5.5.4
IBM Websphere Application Server 8.5.5.3
- IBM AIX 4.3
- Linux kernel 2.3 .x
 - Microsoft Windows NT 4.0
 - Sun Solaris 8_sparc
 IBM Websphere Application Server 8.5.5.2
- IBM AIX 4.3
- Linux kernel 2.3 .x
 - Microsoft Windows NT 4.0
 - Sun Solaris 8_sparc
 IBM Websphere Application Server 8.5.5.11
IBM Websphere Application Server 8.5.5.10
IBM Websphere Application Server 8.5.5.1
IBM Websphere Application Server 8.5.0.2
IBM Websphere Application Server 8.5.0.1
IBM Websphere Application Server 8.5.0.0
IBM Websphere Application Server 8.0.0.9
IBM Websphere Application Server 8.0.0.8
IBM Websphere Application Server 8.0.0.7
IBM Websphere Application Server 8.0.0.6
IBM Websphere Application Server 8.0.0.5
IBM Websphere Application Server 8.0.0.4
IBM Websphere Application Server 8.0.0.3
IBM Websphere Application Server 8.0.0.13
IBM Websphere Application Server 8.0.0.12
IBM Websphere Application Server 8.0.0.11
IBM Websphere Application Server 8.0.0.10
IBM Websphere Application Server 8.0.0.1
IBM Websphere Application Server 8.0.0.0
IBM Websphere Application Server 8.0
IBM Websphere Application Server 7.0.0.7
IBM Websphere Application Server 7.0.0.6
IBM Websphere Application Server 7.0.0.5
IBM Websphere Application Server 7.0.0.43
IBM Websphere Application Server 7.0.0.41
IBM Websphere Application Server 7.0.0.4
IBM Websphere Application Server 7.0.0.39
IBM Websphere Application Server 7.0.0.37
IBM Websphere Application Server 7.0.0.35
IBM Websphere Application Server 7.0.0.34
IBM Websphere Application Server 7.0.0.33
IBM Websphere Application Server 7.0.0.32
IBM Websphere Application Server 7.0.0.31
IBM Websphere Application Server 7.0.0.27
IBM Websphere Application Server 7.0.0.25
IBM Websphere Application Server 7.0.0.24
IBM Websphere Application Server 7.0.0.23
IBM Websphere Application Server 7.0.0.22
IBM Websphere Application Server 7.0.0.19
IBM Websphere Application Server 7.0.0.18
IBM Websphere Application Server 7.0.0.17
IBM Websphere Application Server 7.0.0.16
IBM Websphere Application Server 7.0.0.15
IBM Websphere Application Server 7.0.0.14
IBM Websphere Application Server 7.0.0.1
IBM Websphere Application Server 7.0.0.0


Not Vulnerable:

Exploit


An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.


Source: www.securityfocus.com
Related Posts