PK15571; 5.1.1.7: Inserting certain script tags in URLs may allow execution
Abstract
Inserting certain script tags in the SnoopServlet URL may
allow the unintended execution of scripts.
Download Description
PK15571 resolves the following problem:
ERROR DESCRIPTION:
Most web browsers have the capability to interpret scripts embedded in web
pages downloaded from a web server. Such scripts may be written in a
variety of scripting languages and are run by the client's browser. Most
browsers are installed with the capability to run scripts enabled by
default.
This APAR is for the Snoop servlet, which allows scripts to be executed by
browsers. This exposes the Snoop servlet to potential security risks when
it is executed with the following URL:
'http://localhost:9080/snoop/<script>alert('Vulnerable')</script>'
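The Java example below is added here for illustration and is not IBM's SnoopServlet source or the PK15571 fix. It assumes the servlet echoes the requested path into the HTML page it returns, and shows that path written as-is next to the same path HTML-encoded on output; the class and method names are hypothetical.

```java
// Added illustration, not IBM's SnoopServlet source. Assumption: the servlet
// echoes the requested path into the HTML page it returns.
public class SnoopEchoDemo {

    // Encode the characters that let text break out of HTML element content
    // or a quoted attribute value.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Before: the request path is concatenated into the page as-is.
    static String renderUnsafe(String requestPath) {
        return "<html><body><h1>Snoop</h1><p>Requested URL: "
                + requestPath + "</p></body></html>";
    }

    // After: the same page with the path HTML-encoded on output.
    static String renderSafe(String requestPath) {
        return "<html><body><h1>Snoop</h1><p>Requested URL: "
                + escapeHtml(requestPath) + "</p></body></html>";
    }

    public static void main(String[] args) {
        // Path taken from the URL quoted in this APAR.
        String path = "/snoop/<script>alert('Vulnerable')</script>";
        String unsafe = renderUnsafe(path);
        String safe = renderSafe(path);
        System.out.println(unsafe);
        System.out.println(safe);
        // The raw page carries a <script> element; the encoded page does not.
        if (!unsafe.contains("<script>") || safe.contains("<script>")) {
            throw new IllegalStateException("unexpected rendering");
        }
    }
}
```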
USERS AFFECTED:
IBM® WebSphere® Application Server Default Application or Snoop servlet
users
PROBLEM DESCRIPTION:
Inserting certain script tags in the SnoopServlet URL may allow the
unintended execution of scripts.
RECOMMENDATION:
None