CVE-2009-2405
Published Dec 15, 2009
Last updated a year ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9830D64-C46F-4423-BE0B-0B1FDB765D62"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp01:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E715EAF0-DAE9-4FD5-996E-18E61C9CC703"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp02:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E6C7D0B-DBC0-4414-9C40-713E01146FA7"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp03:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C68C2A35-BC1E-414A-9DB1-7585435DCA33"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "599FBAC3-2E83-443B-AACB-99BBA896CB19"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43590B58-A1C7-4105-A00F-6C4F46A6CC5B"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A44F907E-AE57-4213-B001-A23319B72CF8"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "243ED156-851C-4897-AF59-86FCA5C9C66F"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "125BF8B0-AF1B-4FB1-9D41-D9FB30AE23FC"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A3E7C299-8A2D-4733-98AC-F6FA37CC1C6C"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7398F80B-8318-40E7-A0EE-6CCF7E066C03"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.2:ga:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A04F68DF-F024-4349-B504-1D0588A20B20"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D4816097-6982-4FBA-BD34-3D24BCA5A56A"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:cp01:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "888B9B34-40A3-4CE3-9643-0174CC61751B"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B3E4026-F98E-4AEB-9FE1-4FFBBF44AC55"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "960A513A-CAFC-4B3D-ABD7-4659CF545C73"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C2D8DC6D-5E39-4A53-8BB8-F998706D573F"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3AA2D64E-D7E7-400D-AC7E-CB2045750791"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:ga:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "881A0E69-23D1-4446-8355-970E50C0290F"
}
],
"operator": "OR"
}
]
}
]