Multiple IBM Rational Products Cross Site Scripting and HTTP Header Injection Vulnerabilities

IBM Rational Products are prone to a cross-site scripting vulnerability and an HTTP header-injection vulnerability.

An attacker may leverage these issues to insert a crafted HTTP header into an HTTP response, which could cause web server cache poisoning, or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

The following products and versions are affected:

Rational Collaborative Lifecycle Management 5.0 through 6.0.6

Rational Quality Manager 5.0 through 5.0.2
Rational Quality Manager 6.0 through 6.0.6

Rational Team Concert 5.0 through 5.0.2
Rational Team Concert 6.0 through 6.0.6

Rational DOORS Next Generation 5.0 through 5.0.2
Rational DOORS Next Generation 6.0 through 6.0.6

Rational Engineering Lifecycle Manager 5.0 through 5.0.2
Rational Engineering Lifecycle Manager 6.0 through 6.0.6

Rational Rhapsody Design Manager 5.0 through 5.0.2
Rational Rhapsody Design Manager 6.0 through 6.0.6

Rational Software Architect Design Manager 5.0 through 5.0.2
Rational Software Architect Design Manager 6.0 through 6.0.1


 

Copyright 2010, SecurityFocus