N/A

Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.

N/A

N/A

IBM WebSphere Edge Server Caching Proxy HTTP头信息跨站脚本执行漏洞

IBM WebSphere Edge Server Caching Proxy是WEB服务器缓冲代理系统。 缓冲代理服务器对用户提交的'Location:'头信息请求缺少正确过滤，远程攻击者可以利用这个漏洞构建恶意WEB页，诱使用户点击，进行跨站脚本执行攻击。 缓冲代理服务器对用户提交的'Location'数据过滤不正确，攻击者可以通过构建HTTP头部'Location'字段中包含任意HTML和脚本代码的链接，诱使目标用户点击链接，就可以导致攻击者提供的脚本代码在客户端浏览器上执行，可窃取基于Cookie

N/A

N/A