CVE-2016-9692
HIGHIBM WebSphere Cast Iron Solution 7.0.0-7.5.0.0 - Server-Side Request Forgery via Improper Input Validation
Title source: llmDescription
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516.
References (2)
Core 2
Core References
Broken Link vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98337
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21998014
Scores
CVSS v3
8.6
EPSS
0.0086
EPSS Percentile
75.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (7)
ibm/websphere_cast_iron_solution
7.0.0
ibm/websphere_cast_iron_solution
7.0.0.1
ibm/websphere_cast_iron_solution
7.0.0.2
ibm/websphere_cast_iron_solution
7.5.0.0
ibm/websphere_cast_iron_solution
7.5.0.1
ibm/websphere_cast_iron_solution
7.5.1.0
IBM Corporation/WebSphere Cast Iron Cloud integration
7.0.0. 7.5.0.0
Published
May 05, 2017
Tracked Since
Feb 18, 2026