CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |

AI Score Confidence: High

EPSS Percentile: 71.1%

Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information.
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | jboss_enterprise_application_platform | 4.2 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:* |
redhat | jboss_enterprise_application_platform | 4.2 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp01:*:*:*:*:*:* |
redhat | jboss_enterprise_application_platform | 4.2 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp02:*:*:*:*:*:* |
redhat | jboss_enterprise_application_platform | 4.2 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp03:*:*:*:*:*:* |
redhat | jboss_enterprise_application_platform | 4.2.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:* |
redhat | jboss_enterprise_application_platform | 4.2.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:* |
redhat | jboss_enterprise_application_platform | 4.2.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:* |
redhat | jboss_enterprise_application_platform | 4.2.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:* |
redhat | jboss_enterprise_application_platform | 4.2.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:* |
redhat | jboss_enterprise_application_platform | 4.2.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:* |
secunia.com/advisories/35680
secunia.com/advisories/37671
securitytracker.com/id?1023315
www.osvdb.org/60898
www.osvdb.org/60899
www.securityfocus.com/bid/37276
bugzilla.redhat.com/show_bug.cgi?id=510023
exchange.xforce.ibmcloud.com/vulnerabilities/54700
jira.jboss.org/jira/browse/JBAS-7105
jira.jboss.org/jira/browse/JBPAPP-2274
jira.jboss.org/jira/browse/JBPAPP-2284
rhn.redhat.com/errata/RHSA-2009-1636.html
rhn.redhat.com/errata/RHSA-2009-1637.html
rhn.redhat.com/errata/RHSA-2009-1649.html
rhn.redhat.com/errata/RHSA-2009-1650.html