[ Summary ]
IBM WebSphere Application Server is prone to a security-bypass vulnerability because it fails to properly validate the 'logoutExitPage' parameter. An attacker can exploit this issue to redirect users to a domain that should be blocked.
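An added example, not IBM's fix and not code from this advisory: a Python check that classifies 'logoutExitPage' values against a host allow-list and reports request targets that would redirect outside it. The allow-list, the /app/logout path and the sample requests are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts this deployment accepts as logout destinations (constructed names).
ALLOWED_HOSTS = {"portal.example.com", "www.example.com"}


def classify_exit_page(value, allowed_hosts=ALLOWED_HOSTS):
    """Return 'relative', 'allowed' or 'blocked' for a logoutExitPage value."""
    # Browsers read "\" as "/" and drop tabs and newlines, so normalize before parsing.
    cleaned = value.strip().replace("\\", "/")
    cleaned = "".join(ch for ch in cleaned if ch not in "\t\r\n")
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return "blocked"  # malformed authority, e.g. unbalanced IPv6 brackets
    if not parts.scheme and not parts.netloc:
        return "relative"  # same-site path such as /login.jsp
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return "blocked"  # only web schemes are valid redirect targets
    # hostname excludes userinfo and port, so the comparison is on the real host.
    host = (parts.hostname or "").lower()
    return "allowed" if host in allowed_hosts else "blocked"


def blocked_redirects(request_targets, allowed_hosts=ALLOWED_HOSTS):
    """Return (request_target, value) pairs whose logoutExitPage leaves the allow-list."""
    findings = []
    for target in request_targets:
        query = urlsplit(target).query
        for value in parse_qs(query).get("logoutExitPage", []):
            if classify_exit_page(value, allowed_hosts) == "blocked":
                findings.append((target, value))
    return findings


# Constructed request targets; /app/logout is a placeholder path.
SAMPLE_TARGETS = [
    "/app/logout?logoutExitPage=%2Flogin.jsp",
    "/app/logout?logoutExitPage=https%3A%2F%2Fportal.example.com%3A9443%2Fhome",
    "/app/logout?logoutExitPage=https%3A%2F%2Fother.test%2F",
    "/app/logout?logoutExitPage=%2F%2Fother.test%2Fhome",
    "/app/logout?logoutExitPage=https%3A%2F%2Fportal.example.com%40other.test%2F",
    "/app/logout?logoutExitPage=https%3A%2F%2Fportal.example.com.other.test%2F",
]

if __name__ == "__main__":
    for target, value in blocked_redirects(SAMPLE_TARGETS):
        print("blocked:", value)
```

The comparison is an exact match on the parsed host, so prefix, suffix and userinfo look-alikes of an allowed name are rejected.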
[ Affected Systems ]
IBM WebSphere Application Server 6.1 and 7.0 are vulnerable; other versions may also be affected.
[ Impact Analysis ]
Successful exploits may allow attackers to bypass certain security restrictions, which may lead to other attacks.
[ Solution/Workaround ]
The vendor has released a fix.
http://www-01.ibm.com/support/docview.wss?uid=swg1PM42436
[ Reference ]
http://xforce.iss.net/xforce/xfdb/68570