CVE-2007-5799 Information

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField (2) nameField (3) valueField and (4) frameReturn parameters.

Reference

http://osvdb.org/41619 http://secunia.com/advisories/27448 http://www.securityfocus.com/bid/26276 http://www.securitytracker.com/id?1018884 http://www-1.ibm.com/support/docview.wss?uid=swg1PK50245 https://exchange.xforce.ibmcloud.com/vulnerabilities/38179