National Cyber Awareness System

Vulnerability Summary for CVE-2009-2405

Overview

Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: REDHAT

Name: RHSA-2009:1650

Type: Patch Information

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1650.html

External Source: REDHAT

Name: RHSA-2009:1649

Type: Patch Information

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1649.html

External Source: REDHAT

Name: RHSA-2009:1637

Type: Patch Information

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1637.html

External Source: REDHAT

Name: RHSA-2009:1636

Type: Patch Information

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1636.html

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=510023

Type: Patch Information

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=510023

External Source: MISC

Name: https://jira.jboss.org/jira/browse/JBPAPP-2284

Hyperlink:https://jira.jboss.org/jira/browse/JBPAPP-2284

External Source: MISC

Name: https://jira.jboss.org/jira/browse/JBPAPP-2274

Hyperlink:https://jira.jboss.org/jira/browse/JBPAPP-2274

External Source: MISC

Name: https://jira.jboss.org/jira/browse/JBAS-7105

Hyperlink:https://jira.jboss.org/jira/browse/JBAS-7105

External Source: XF

Name: jboss-createsnapshot-xss(54700)

Hyperlink:http://xforce.iss.net/xforce/xfdb/54700

External Source: BID

Name: 37276

Hyperlink:http://www.securityfocus.com/bid/37276

External Source: OSVDB

Name: 60899

Hyperlink:http://www.osvdb.org/60899

External Source: OSVDB

Name: 60898

Hyperlink:http://www.osvdb.org/60898

External Source: SECTRACK

Name: 1023315

Hyperlink:http://securitytracker.com/id?1023315

External Source: SECUNIA

Name: 37671

Type: Advisory

Hyperlink:http://secunia.com/advisories/37671

External Source: SECUNIA

Name: 35680

Type: Advisory

Hyperlink:http://secunia.com/advisories/35680