CVE-2011-3606

Published: 2019-11-26 02:15:10
CWE: CWE-79
Reporter: redhat
Source: web.nvd.nist.gov
Tags: cve-2011-3606, dom-based cross-site scripting, jboss application server, security vulnerability, nvd

CVSS2: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: SINGLE
  Confidentiality Impact: NONE
  Integrity Impact: PARTIAL
  Availability Impact: NONE

CVSS3: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: REQUIRED
  Scope: CHANGED
  Confidentiality Impact: LOW
  Integrity Impact: LOW
  Availability Impact: NONE

AI Score: 5.4 (Confidence: High)
EPSS: 0.001 (Percentile: 46.5%)

A DOM-based cross-site scripting flaw was found in the administration console of JBoss Application Server 7 before 7.1.0 Beta 1. A remote attacker could host a specially crafted web page and trick an authenticated JBoss AS user holding administrator privileges into visiting it; the console's client-side code would then modify the DOM with attacker-controlled data and execute arbitrary HTML or web script in the context of the administrator's console session. The CVSS v3 vector reflects this: the attacker needs no privileges of their own beyond what the victim's session provides (PR:L), the victim must follow the link (UI:R), and the script runs in the console's origin rather than the attacker's page (S:C).
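The following is an added illustration of the bug class this entry describes, not code from the JBoss AS 7 console or from Red Hat. It assumes, for the sake of the demo, that the console routes on the URL fragment (location.hash) and that a vulnerable build writes that fragment into innerHTML; the view names, the element stub, and the payload are all constructed. It shows the vulnerable sink beside a hardened version that allowlists routable values, HTML-encodes anything echoed back, and survives malformed percent-encoding.

```javascript
// Added illustration of DOM-based XSS (CWE-79), the bug class this entry
// describes. It is NOT the JBoss AS 7 console code. Assumptions for the demo:
// the console routes on the URL fragment (location.hash) and a vulnerable
// build writes that fragment into innerHTML. The element stub lets the code
// run under Node; in a browser the same functions would take a real element.

const VIEWS = ["dashboard", "deployments", "datasources"]; // assumed view names

// Stand-in for the DOM node the console renders into.
function makeElement() {
  return { innerHTML: "" };
}

// HTML-encode the five characters that can break out of text/attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// VULNERABLE pattern: attacker-controlled fragment flows straight into an
// HTML sink. The fragment is never sent to the server, so server-side
// filtering and access logs do not see the payload; the victim only has to
// load the attacker's link while logged in to the console.
function renderVulnerable(locationHash, el) {
  const view = decodeURIComponent(locationHash.slice(1)); // source
  el.innerHTML = "<h1>" + view + "</h1>";                  // sink
  return el.innerHTML;
}

// HARDENED pattern: route only on an allowlist, and encode anything that is
// echoed back. (In a real browser, el.textContent would be the preferred sink
// for the error message; innerHTML + escapeHtml is used here so the stub
// shows the encoded result.) Malformed percent-encoding, which makes
// decodeURIComponent throw, is handled instead of crashing the console.
function renderSafe(locationHash, el) {
  let view;
  try {
    view = decodeURIComponent(locationHash.slice(1));
  } catch (e) {
    el.innerHTML = "<p>Malformed view name</p>";
    return { ok: false, rendered: el.innerHTML };
  }
  if (!VIEWS.includes(view)) {
    el.innerHTML = "<p>Unknown view: " + escapeHtml(view) + "</p>";
    return { ok: false, rendered: el.innerHTML };
  }
  el.innerHTML = "<h1>" + escapeHtml(view) + "</h1>";
  return { ok: true, rendered: el.innerHTML };
}

// Constructed attacker link fragment (demo data, not a real exploit for this CVE).
const PAYLOAD = "#" + encodeURIComponent('<img src=x onerror="alert(document.cookie)">');

function demo() {
  return {
    vuln: renderVulnerable(PAYLOAD, makeElement()),
    safe: renderSafe(PAYLOAD, makeElement()),
    good: renderSafe("#deployments", makeElement()),
    malformed: renderSafe("#%E0%A4%A", makeElement()),
  };
}

const result = demo();
console.log("vulnerable sink received :", result.vuln);
console.log("hardened, hostile input  :", result.safe.rendered);
console.log("hardened, legitimate     :", result.good.rendered);
console.log("hardened, malformed hash :", result.malformed.rendered);
```

The allowlist is what actually closes the hole: encoding alone stops markup injection, but routing on arbitrary strings is still a bug waiting for the next sink. When reviewing a console like this, grep the client bundle for sources (location.hash, location.search, document.referrer, window.name, postMessage data) and trace each one to its sinks (innerHTML, outerHTML, document.write, eval, jQuery html()/append()) rather than relying on server-side filters, which never see the fragment.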

Affected configurations (NVD; any one of the following matches)

Vendor   Product                     Version         CPE
redhat   jboss_application_server    7.0.0           cpe:2.3:a:redhat:jboss_application_server:7.0.0:*:*:*:*:*:*:*
redhat   jboss_application_server    7.0.0 alpha1    cpe:2.3:a:redhat:jboss_application_server:7.0.0:alpha1:*:*:*:*:*:*
redhat   jboss_application_server    7.0.0 beta1     cpe:2.3:a:redhat:jboss_application_server:7.0.0:beta1:*:*:*:*:*:*
redhat   jboss_application_server    7.0.0 beta2     cpe:2.3:a:redhat:jboss_application_server:7.0.0:beta2:*:*:*:*:*:*
redhat   jboss_application_server    7.0.0 beta3     cpe:2.3:a:redhat:jboss_application_server:7.0.0:beta3:*:*:*:*:*:*
redhat   jboss_application_server    7.0.0 cr1       cpe:2.3:a:redhat:jboss_application_server:7.0.0:cr1:*:*:*:*:*:*
redhat   jboss_application_server    7.0.1           cpe:2.3:a:redhat:jboss_application_server:7.0.1:*:*:*:*:*:*:*
redhat   jboss_application_server    7.0.2           cpe:2.3:a:redhat:jboss_application_server:7.0.2:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "JBoss Application Server",
    "vendor": "JBoss Application Server",
    "versions": [
      {
        "status": "affected",
        "version": "7 before 7.1.0 Beta 1"
      }
    ]
  }
]
