CVE-2010-3271: CSRF
First published: Mon Jul 18 2011(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.21 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.31 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =3.0.21 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.10 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.14 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.19 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =3.0.2.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =3.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.33 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.25 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.14 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.28 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.8 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.12 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.10 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =3.52 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.8 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =3.5.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =4.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =3.0.2.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.24 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =4.0.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.32 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =3.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | <=7.0.0.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =2.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.30 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.29 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =4.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.27 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.29 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.23 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.0.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =3.5.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.16 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =3.5.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =3.0.2.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.27 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.12 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.22 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =3.0.2.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.8 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.16 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.23 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.19 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.14 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.25 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.0.2.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =4.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =5.1.1.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =3.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.12 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.31 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-3271?
CVE-2010-3271 has a medium severity rating due to the potential for remote attackers to hijack administrator sessions.
How do I fix CVE-2010-3271?
To fix CVE-2010-3271, you should upgrade IBM WebSphere Application Server to a version later than 7.0.0.13.
What types of attacks does CVE-2010-3271 enable?
CVE-2010-3271 enables cross-site request forgery (CSRF) attacks that can compromise administrative sessions.
Which versions of IBM WebSphere Application Server are affected by CVE-2010-3271?
IBM WebSphere Application Server versions 7.0.0.13 and earlier are affected by CVE-2010-3271.
Is there a workaround for CVE-2010-3271 if I cannot patch immediately?
Implementing strict CSRF protection measures and limiting access to the administrative console can serve as temporary workarounds for CVE-2010-3271.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm websphere application server feature pack for web services
- version/ibm websphere application server feature pack for web services/5.0.0
- version/ibm websphere application server feature pack for web services/6.1.0.21
- version/ibm websphere application server feature pack for web services/6.1.0.31
- version/ibm websphere application server feature pack for web services/3.0.21
- version/ibm websphere application server feature pack for web services/6.1.7
- version/ibm websphere application server feature pack for web services/5.1.0.5
- version/ibm websphere application server feature pack for web services/6.1
- version/ibm websphere application server feature pack for web services/7.0.0.2
- version/ibm websphere application server feature pack for web services/5.0.2.10
- version/ibm websphere application server feature pack for web services/5.1.1.14
- version/ibm websphere application server feature pack for web services/5.0.2.5
- version/ibm websphere application server feature pack for web services/5.0.2.1
- version/ibm websphere application server feature pack for web services/6.1.0.19
- version/ibm websphere application server feature pack for web services/5.1.1.2
- version/ibm websphere application server feature pack for web services/6.1.6
- version/ibm websphere application server feature pack for web services/3.0.2.1
- version/ibm websphere application server feature pack for web services/7.0.0.5
- version/ibm websphere application server feature pack for web services/5.0
- version/ibm websphere application server feature pack for web services/6.0.2.1
- version/ibm websphere application server feature pack for web services/6.0.2.5
- version/ibm websphere application server feature pack for web services/6.0.0.3
- version/ibm websphere application server feature pack for web services/6.1.0.2
- version/ibm websphere application server feature pack for web services/5.0.2.11
- version/ibm websphere application server feature pack for web services/5.1.1
- version/ibm websphere application server feature pack for web services/3.5
- version/ibm websphere application server feature pack for web services/5.1.1.6
- version/ibm websphere application server feature pack for web services/7.0.0.9
- version/ibm websphere application server feature pack for web services/5.1.0
- version/ibm websphere application server feature pack for web services/6.0.1.15
- version/ibm websphere application server feature pack for web services/5.0.1
- version/ibm websphere application server feature pack for web services/7.0.0.4
- version/ibm websphere application server feature pack for web services/5.0.2.3
- version/ibm websphere application server feature pack for web services/6.1.0.33
- version/ibm websphere application server feature pack for web services/7.0.0.11
- version/ibm websphere application server feature pack for web services/6.1.0.25
- version/ibm websphere application server feature pack for web services/6.0.1.3
- version/ibm websphere application server feature pack for web services/5.0.2.15
- version/ibm websphere application server feature pack for web services/6.0.2.13
- version/ibm websphere application server feature pack for web services/6.1.14
- version/ibm websphere application server feature pack for web services/6.1.0.11
- version/ibm websphere application server feature pack for web services/6.0.2.9
- version/ibm websphere application server feature pack for web services/5.1.1.15
- version/ibm websphere application server feature pack for web services/5.1.1.3
- version/ibm websphere application server feature pack for web services/6.0.1.11
- version/ibm websphere application server feature pack for web services/7.0
- version/ibm websphere application server feature pack for web services/6.0.2.28
- version/ibm websphere application server feature pack for web services/5.1.1.13
- version/ibm websphere application server feature pack for web services/7.0.0.8
- version/ibm websphere application server feature pack for web services/6.0.2.11
- version/ibm websphere application server feature pack for web services/6.0.2.6
- version/ibm websphere application server feature pack for web services/5.0.2.12
- version/ibm websphere application server feature pack for web services/5.1.1.10
- version/ibm websphere application server feature pack for web services/6.0.2.2
- version/ibm websphere application server feature pack for web services/3.52
- version/ibm websphere application server feature pack for web services/6.0.2
- version/ibm websphere application server feature pack for web services/5.0.2.8
- version/ibm websphere application server feature pack for web services/3.5.2
- version/ibm websphere application server feature pack for web services/4.0.3
- version/ibm websphere application server feature pack for web services/3.0.2.2
- version/ibm websphere application server feature pack for web services/6.0.2.24
- version/ibm websphere application server feature pack for web services/4.0.4
- version/ibm websphere application server feature pack for web services/6.0.1.9
- version/ibm websphere application server feature pack for web services/6.0.1.17
- version/ibm websphere application server feature pack for web services/6.0.2.15
- version/ibm websphere application server feature pack for web services/6.0.2.4
- version/ibm websphere application server feature pack for web services/6.0.2.32
- version/ibm websphere application server feature pack for web services/6.0.2.17
- version/ibm websphere application server feature pack for web services/6.1.0.9
- version/ibm websphere application server feature pack for web services/3.0
- version/ibm websphere application server feature pack for web services/6.0.1.2
- version/ibm websphere application server feature pack for web services/7.0.0.13
- version/ibm websphere application server feature pack for web services/2.0
- version/ibm websphere application server feature pack for web services/5.1.1.17
- version/ibm websphere application server feature pack for web services/6.0.0.1
- version/ibm websphere application server feature pack for web services/6.0.2.30
- version/ibm websphere application server feature pack for web services/6.1.0.0
- version/ibm websphere application server feature pack for web services/6.1.0.1
- version/ibm websphere application server feature pack for web services/6.0.2.29
- version/ibm websphere application server feature pack for web services/4.0.2
- version/ibm websphere application server feature pack for web services/6.1.5
- version/ibm websphere application server feature pack for web services/6.1.0.27
- version/ibm websphere application server feature pack for web services/6.1.0.29
- version/ibm websphere application server feature pack for web services/5.1.1.7
- version/ibm websphere application server feature pack for web services/6.0.2.23
- version/ibm websphere application server feature pack for web services/5.1.0.4
- version/ibm websphere application server feature pack for web services/3.5.1
- version/ibm websphere application server feature pack for web services/5.0.2.16
- version/ibm websphere application server feature pack for web services/5.1.0.2
- version/ibm websphere application server feature pack for web services/6.1.13
- version/ibm websphere application server feature pack for web services/6.0.1
- version/ibm websphere application server feature pack for web services/6.0.2.7
- version/ibm websphere application server feature pack for web services/3.5.3
- version/ibm websphere application server feature pack for web services/5.0.2.2
- version/ibm websphere application server feature pack for web services/7.0.0.6
- version/ibm websphere application server feature pack for web services/3.0.2.3
- version/ibm websphere application server feature pack for web services/6.0.0.2
- version/ibm websphere application server feature pack for web services/6.1.0.7
- version/ibm websphere application server feature pack for web services/6.0.2.27
- version/ibm websphere application server feature pack for web services/6.1.1
- version/ibm websphere application server feature pack for web services/6.1.0.3
- version/ibm websphere application server feature pack for web services/6.1.0.17
- version/ibm websphere application server feature pack for web services/5.1.1.1
- version/ibm websphere application server feature pack for web services/5.0.2.9
- version/ibm websphere application server feature pack for web services/5.0.2.6
- version/ibm websphere application server feature pack for web services/5.0.2.13
- version/ibm websphere application server feature pack for web services/5.1.1.12
- version/ibm websphere application server feature pack for web services/6.0.2.22
- version/ibm websphere application server feature pack for web services/6.0.1.5
- version/ibm websphere application server feature pack for web services/7.0.0.7
- version/ibm websphere application server feature pack for web services/3.0.2.4
- version/ibm websphere application server feature pack for web services/5.1.1.8
- version/ibm websphere application server feature pack for web services/6.0.1.7
- version/ibm websphere application server feature pack for web services/6.0
- version/ibm websphere application server feature pack for web services/6.1.0.15
- version/ibm websphere application server feature pack for web services/6.0.2.3
- version/ibm websphere application server feature pack for web services/5.0.2.4
- version/ibm websphere application server feature pack for web services/7.0.0.3
- version/ibm websphere application server feature pack for web services/5.1.1.16
- version/ibm websphere application server feature pack for web services/6.1.0.23
- version/ibm websphere application server feature pack for web services/5.0.2
- version/ibm websphere application server feature pack for web services/6.0.2.19
- version/ibm websphere application server feature pack for web services/6.0.1.1
- version/ibm websphere application server feature pack for web services/5.1.1.9
- version/ibm websphere application server feature pack for web services/5.0.2.14
- version/ibm websphere application server feature pack for web services/7.0.0.1
- version/ibm websphere application server feature pack for web services/6.0.2.25
- version/ibm websphere application server feature pack for web services/5.1.1.11
- version/ibm websphere application server feature pack for web services/5.1.0.3
- version/ibm websphere application server feature pack for web services/6.1.0
- version/ibm websphere application server feature pack for web services/5.0.2.7
- version/ibm websphere application server feature pack for web services/4.0.1
- version/ibm websphere application server feature pack for web services/5.1.1.5
- version/ibm websphere application server feature pack for web services/5.1.1.4
- version/ibm websphere application server feature pack for web services/6.1.0.5
- version/ibm websphere application server feature pack for web services/6.0.1.13
- version/ibm websphere application server feature pack for web services/3.0.2
- version/ibm websphere application server feature pack for web services/6.1.0.12
- version/ibm websphere application server feature pack for web services/6.0.2.31
- version/ibm websphere application server feature pack for web services/6.1.3