Lucene search

MitreCVE-2011-1360

HistoryOct 28, 2011 - 2:49 a.m.

CVE-2011-1360

2011-10-2802:49:52

CWE-79

mitre

web.nvd.nist.gov

cve-2011-1360

cross-site scripting

xss

ibm http server

websphere application server

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

56.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2) htdocs/*/manual/ibm/.

Affected configurations

Nvd

Node

ibmhttp_serverRange≤2.0.47

ibmhttp_serverMatch1.0

ibmhttp_serverMatch1.3.6.3

ibmhttp_serverMatch1.3.12

ibmhttp_serverMatch1.3.12.2

ibmhttp_serverMatch1.3.12.6

ibmhttp_serverMatch1.3.12.7

ibmhttp_serverMatch1.3.19

ibmhttp_serverMatch1.3.19.4

ibmhttp_serverMatch1.3.19.5

ibmhttp_serverMatch1.3.19.6

ibmhttp_serverMatch1.3.26

ibmhttp_serverMatch1.3.26.1

ibmhttp_serverMatch1.3.26.2

ibmhttp_serverMatch1.3.28

ibmhttp_serverMatch1.3.28.1

ibmhttp_serverMatch2.0

ibmhttp_serverMatch2.0.42

ibmhttp_serverMatch2.0.42.1

ibmhttp_serverMatch2.0.42.2

VendorProductVersionCPE
ibmhttp_server*cpe:2.3:a:ibm:http_server:*:*:*:*:*:*:*:*
ibmhttp_server1.0cpe:2.3:a:ibm:http_server:1.0:*:*:*:*:*:*:*
ibmhttp_server1.3.6.3cpe:2.3:a:ibm:http_server:1.3.6.3:*:*:*:*:*:*:*
ibmhttp_server1.3.12cpe:2.3:a:ibm:http_server:1.3.12:*:*:*:*:*:*:*
ibmhttp_server1.3.12.2cpe:2.3:a:ibm:http_server:1.3.12.2:*:*:*:*:*:*:*
ibmhttp_server1.3.12.6cpe:2.3:a:ibm:http_server:1.3.12.6:*:*:*:*:*:*:*
ibmhttp_server1.3.12.7cpe:2.3:a:ibm:http_server:1.3.12.7:*:*:*:*:*:*:*
ibmhttp_server1.3.19cpe:2.3:a:ibm:http_server:1.3.19:*:*:*:*:*:*:*
ibmhttp_server1.3.19.4cpe:2.3:a:ibm:http_server:1.3.19.4:*:*:*:*:*:*:*
ibmhttp_server1.3.19.5cpe:2.3:a:ibm:http_server:1.3.19.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	http_server	*	cpe:2.3:a:ibm:http_server::::::::
ibm	http_server	1.0	cpe:2.3:a:ibm:http_server:1.0:::::::*
ibm	http_server	1.3.6.3	cpe:2.3:a:ibm:http_server:1.3.6.3:::::::*
ibm	http_server	1.3.12	cpe:2.3:a:ibm:http_server:1.3.12:::::::*
ibm	http_server	1.3.12.2	cpe:2.3:a:ibm:http_server:1.3.12.2:::::::*
ibm	http_server	1.3.12.6	cpe:2.3:a:ibm:http_server:1.3.12.6:::::::*
ibm	http_server	1.3.12.7	cpe:2.3:a:ibm:http_server:1.3.12.7:::::::*
ibm	http_server	1.3.19	cpe:2.3:a:ibm:http_server:1.3.19:::::::*
ibm	http_server	1.3.19.4	cpe:2.3:a:ibm:http_server:1.3.19.4:::::::*
ibm	http_server	1.3.19.5	cpe:2.3:a:ibm:http_server:1.3.19.5:::::::*

Rows per page:

1-10 of 201

References

www-01.ibm.com/support/docview.wss?uid=swg21502580

www.ibm.com/support/docview.wss?uid=swg1PM41293

www.securityfocus.com/bid/50447

exchange.xforce.ibmcloud.com/vulnerabilities/69656

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

56.6%

JSON

Related for CVE-2011-1360