Lucene search
HistoryMar 09, 2009 - 9:30 p.m.
CVE-2009-0856
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.017
Percentile
87.7%
Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected configurations
Node
ibmwebsphere_application_serverMatch6.1
ORibmwebsphere_application_serverMatch6.1.0.0
ORibmwebsphere_application_serverMatch6.1.0.1
ORibmwebsphere_application_serverMatch6.1.0.2
ORibmwebsphere_application_serverMatch6.1.0.3
ORibmwebsphere_application_serverMatch6.1.0.4
ORibmwebsphere_application_serverMatch6.1.0.5
ORibmwebsphere_application_serverMatch6.1.0.6
ORibmwebsphere_application_serverMatch6.1.0.7
ORibmwebsphere_application_serverMatch6.1.0.8
ORibmwebsphere_application_serverMatch6.1.0.9
ORibmwebsphere_application_serverMatch6.1.0.10
ORibmwebsphere_application_serverMatch6.1.0.11
ORibmwebsphere_application_serverMatch6.1.0.12
ORibmwebsphere_application_serverMatch6.1.0.13
ORibmwebsphere_application_serverMatch6.1.0.14
ORibmwebsphere_application_serverMatch6.1.0.15
ORibmwebsphere_application_serverMatch6.1.0.16
ORibmwebsphere_application_serverMatch6.1.0.17
ORibmwebsphere_application_serverMatch6.1.0.18
ORibmwebsphere_application_serverMatch6.1.0.19
ORibmwebsphere_application_serverMatch6.1.0.20
ORibmwebsphere_application_serverMatch6.1.0.21
ORibmwebsphere_application_serverMatch6.1.0.22
ibmz\/os
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | 6.1 | cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.0 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.1 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.2 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.3 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.4 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.4:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.5 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.6 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.6:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.7 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.8 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.8:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
CVE-2009-0856
2009-03-09 21:00:00
prion
prion
Cross site scripting
2009-03-09 21:30:00
cve
cve
CVE-2009-0856
2009-03-09 21:30:00
nessus
nessus
IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws
2009-04-15 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.017
Percentile
87.7%
Related for NVD:CVE-2009-0856