← back
CVE-2007-5944

CVE-2007-5944

EPSS 1.8%
Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are insufficient details to be sure.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/30768unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/38700http://secunia.com/advisories/27674http://www-1.ibm.com/support/docview.wss?uid=swg1PK51068http://www-1.ibm.com/support/docview.wss?uid=swg24017314http://www.securityfocus.com/bid/26457http://www.securitytracker.com/id?1018963http://www.vupen.com/english/advisories/2007/3680