Lucene search

PRIOn knowledge basePRION:CVE-2009-1380

HistoryDec 15, 2009 - 6:30 p.m.

Cross site scripting

2009-12-1518:30:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.9%

JSON

Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key property and the position of quote and colon characters.

CPENameOperatorVersion
jboss_enterprise_application_platformeq4.3 cp1
jboss_enterprise_application_platformeq4.2 cp3
jboss_enterprise_application_platformeq4.2.0 cp1
jboss_enterprise_application_platformeq4.2.0 cp6
jboss_enterprise_application_platformeq4.3.0 cp1
jboss_enterprise_application_platformeq4.2.0 cp5
jboss_enterprise_application_platformeq4.2.0 cp4
jboss_enterprise_application_platformeq4.3.0 cp4
jboss_enterprise_application_platformeq4.2.0 cp3
jboss_enterprise_application_platformeq4.2 cp2

Name	Operator	Version
jboss_enterprise_application_platform	eq	4.3 cp1
jboss_enterprise_application_platform	eq	4.2 cp3
jboss_enterprise_application_platform	eq	4.2.0 cp1
jboss_enterprise_application_platform	eq	4.2.0 cp6
jboss_enterprise_application_platform	eq	4.3.0 cp1
jboss_enterprise_application_platform	eq	4.2.0 cp5
jboss_enterprise_application_platform	eq	4.2.0 cp4
jboss_enterprise_application_platform	eq	4.3.0 cp4
jboss_enterprise_application_platform	eq	4.2.0 cp3
jboss_enterprise_application_platform	eq	4.2 cp2

Rows per page:

1-10 of 151

References

secunia.com/advisories/37671

securitytracker.com/id?1023315

www.securityfocus.com/bid/37276

bugzilla.redhat.com/show_bug.cgi?id=511224

exchange.xforce.ibmcloud.com/vulnerabilities/54698

jira.jboss.org/jira/browse/JBPAPP-1983

rhn.redhat.com/errata/RHSA-2009-1636.html

rhn.redhat.com/errata/RHSA-2009-1637.html

rhn.redhat.com/errata/RHSA-2009-1649.html

rhn.redhat.com/errata/RHSA-2009-1650.html

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.9%

JSON

Related for PRION:CVE-2009-1380