• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Security Vulnerability Reported in i5/OS

    February 5, 2008 Alex Woodie

    IBM on Saturday reported that it has discovered a security vulnerability in i5/OS V5R3 and V5R4 that could lead to cross-site scripting attacks. The flaw, which is in i5/OS’s HTTP Server, is deemed low risk by outside security experts, and has not been fixed yet.

    According to IBM’s Authorized Program Analysis Report, or APAR, the security vulnerability is caused by an input validation error in the HTTP Server. When the HTTP Server receives an unsupported “Expect” header field value, it sends back an error document that includes the Expect header field value.

    Instead of “HTML-escaping” the field header value so that it isn’t processed, the HTTP Server includes the header field value in its error document, according to the APAR. As a result, this error could be exploited by attackers to run arbitrary scripting code in the Web browser as part of a cross-site scripting attack.

    IBM indicated in the APAR that it will fix the problem, but it didn’t indicate a timeframe. The problem is therefore unresolved.

    The security Web site Secunia issued advisory SA28744 concerning the problem, which it rated as “less critical.” The French Security Incident Response Team, in its advisory, gave the vulnerability a “low risk” rating.



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    Maxava

    Migrate IBM i with Confidence

    Tired of costly and risky migrations? Maxava Migrate Live minimizes disruption with seamless transitions.

    Upgrading to Power10, Power11, or cloud hosted system, Maxava has you covered!

    Book A Consultation Today

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Sponsored Links

    Bytware:  Start the new year off with better security!
    COMMON:  Join us at the annual 2008 conference, March 30 - April 3, in Nashville, Tennessee
    Seagull Software:  Update your System i apps with LegaSuite GUI

    IT Jungle Store Top Book Picks

    Getting Started with PHP for i5/OS: List Price, $59.95
    The System i RPG & RPG IV Tutorial and Lab Exercises: List Price, $59.95
    The System i Pocket RPG & RPG IV Guide: List Price, $69.95
    The iSeries Pocket Database Guide: List Price, $59.00
    The iSeries Pocket Developers' Guide: List Price, $59.00
    The iSeries Pocket SQL Guide: List Price, $59.00
    The iSeries Pocket Query Guide: List Price, $49.00
    The iSeries Pocket WebFacing Primer: List Price, $39.00
    Migrating to WebSphere Express for iSeries: List Price, $49.00
    iSeries Express Web Implementer's Guide: List Price, $59.00
    Getting Started with WebSphere Development Studio for iSeries: List Price, $79.95
    Getting Started With WebSphere Development Studio Client for iSeries: List Price, $89.00
    Getting Started with WebSphere Express for iSeries: List Price, $49.00
    WebFacing Application Design and Development Guide: List Price, $55.00
    Can the AS/400 Survive IBM?: List Price, $49.00
    The All-Everything Machine: List Price, $29.95
    Chip Wars: List Price, $29.95

    i5/OS V6R1 and Its Java Enhancements Setting Up A PHP/Web Environment On System i: Where Do I Start?

    Leave a Reply Cancel reply

Volume 8, Number 5 -- February 5, 2008
THIS ISSUE SPONSORED BY:

Help/Systems
Vision Solutions
Cosyn
Bytware
COMMON

Table of Contents

  • New Web Console Debuts with i5/OS V6R1
  • RPG to .NET Reduces Maintenance Pain, Adds Rich User Interface
  • IBM Makes DB2 Web Query More Affordable
  • Bug Busters’ HA Offering Gets Role Swap Function
  • Security Vulnerability Reported in i5/OS
  • IBM Unveils Pricing and Packaging for DataMirror HA Software
  • V6R1 to Bring New OmniFind Text Search Server
  • ICS Updates FormSprint with GUI Design Tool
  • Disk Dangers Avoided with Robot/SPACE 3.0
  • LTO-5 On Course for 2009

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • With Power11, Power Systems “Go To Eleven”
  • With Subscription Price, IBM i P20 And P30 Tiers Get Bigger Bundles
  • Izzi Buys CNX, Eyes Valence Port To System Z
  • IBM i Shops “Attacking” Security Concerns, Study Shows
  • IBM i PTF Guide, Volume 27, Number 26
  • Liam Allan Shares What’s Coming Next With Code For IBM i
  • From Stable To Scalable: Visual LANSA 16 Powers IBM i Growth – Launching July 8
  • VS Code Will Be The Heart Of The Modern IBM i Platform
  • The AS/400: A 37-Year-Old Dog That Loves To Learn New Tricks
  • IBM i PTF Guide, Volume 27, Number 25

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2025 IT Jungle