CVE-2007-5799

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server (WAS) versions prior to 6.1.0 Fix Pack 13 (6.1.0.13)

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in the UDDI user console. These vulnerabilities allow remote attackers to perform certain actions as WAS UDDI users by exploiting the keyField, nameField, valueField, and frameReturn parameters in the uddigui/navigateTree.do endpoint.

Recommendations For IBM WebSphere Application Server (WAS) versions prior to 6.1.0 Fix Pack 13 (6.1.0.13), update to version 6.1.0 Fix Pack 13 (6.1.0.13) or later to resolve the issue. As a temporary workaround, consider restricting access to the uddigui/navigateTree.do endpoint to minimize the risk of exploitation. Avoid using the keyField, nameField, valueField, and frameReturn parameters in the vulnerable endpoint until the issue is resolved.