Signature Detail
Short Name |
HTTP:XSS:HTML-SCRIPT-IN-AE |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
HTML Script Tag Embedded in Accept-Encoding |
Release Date |
2013/06/07 |
Update Number |
2271 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: HTML Script Tag Embedded in Accept-Encoding
This signature detects cross site scripting attacks. Attackers can create a malicious Web site that includes HTML embedded in the hyperlinks, which might violate site security settings. Attackers can then view the Web cookies from a target computer. Web cookies typically contain sensitive information such as usernames, passwords, credit card numbers, social security numbers, and bank account numbers.
Extended Description
Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Accept, (2) Accept-Language, (3) UA-CPU, (4) Accept-Encoding, (5) User-Agent, or (6) Cookie HTTP header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected Products
- ibm maximo 4.1
- ibm maximo 5.2
References
- BugTraq: 30180
- CVE: CVE-2008-3161