CVE-2007-5944

IBM WebSphere Application Server <5.1.1.17 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5944. PoCs published by anonymous.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server by injecting a malicious script via the 'Expect' HTTP header. The script is reflected in error messages, potentially allowing cookie theft or other attacks.

Description

Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are insufficient details to be sure.

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · textremotemultiple

https://www.exploit-db.com/exploits/30768

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server by injecting a malicious script via the 'Expect' HTTP header. The script is reflected in error messages, potentially allowing cookie theft or other attacks.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: IBM WebSphere Application Server

No auth needed

Prerequisites: Target server running vulnerable IBM WebSphere Application Server · Ability to send crafted HTTP requests to the target

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (7)

Core 7

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/26457

Various Sources x_refsource_confirm

http://www-1.ibm.com/support/docview.wss?uid=swg24017314

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27674

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/3680

Various Sources vendor-advisory x_refsource_aixapar

http://www-1.ibm.com/support/docview.wss?uid=swg1PK51068

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/38700

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1018963

Scores

EPSS 0.0253

EPSS Percentile 85.6%

Details

CWE

CWE-79

Status published

Products (13)

ibm/websphere_application_server 5.1.1.4

ibm/websphere_application_server 5.1.1.5

ibm/websphere_application_server 5.1.1.6

ibm/websphere_application_server 5.1.1.7

ibm/websphere_application_server 5.1.1.8

ibm/websphere_application_server 5.1.1.9

ibm/websphere_application_server 5.1.1.10

ibm/websphere_application_server 5.1.1.11

ibm/websphere_application_server 5.1.1.12

ibm/websphere_application_server 5.1.1.13

... and 3 more

Published Nov 14, 2007

Tracked Since Feb 18, 2026