CVE-2011-1355

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 6.1 before 6.1.0.39 IBM WebSphere Application Server versions 7.0 before 7.0.0.19

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter. This can be exploited by manipulating the logoutExitPage parameter to redirect users to malicious sites.

Recommendations For IBM WebSphere Application Server versions 6.1 before 6.1.0.39, update to version 6.1.0.39 or later. For IBM WebSphere Application Server versions 7.0 before 7.0.0.19, update to version 7.0.0.19 or later. As a temporary workaround, consider restricting access to the logoutExitPage parameter to minimize the risk of exploitation.