FKIE_CVE-2009-2405

Vulnerability from fkie_nvd - Published: 2009-12-15 18:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information.
References
secalert@redhat.comhttp://secunia.com/advisories/35680Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/37671Vendor Advisory
secalert@redhat.comhttp://securitytracker.com/id?1023315
secalert@redhat.comhttp://www.osvdb.org/60898
secalert@redhat.comhttp://www.osvdb.org/60899
secalert@redhat.comhttp://www.securityfocus.com/bid/37276
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=510023Patch
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/54700
secalert@redhat.comhttps://jira.jboss.org/jira/browse/JBAS-7105
secalert@redhat.comhttps://jira.jboss.org/jira/browse/JBPAPP-2274
secalert@redhat.comhttps://jira.jboss.org/jira/browse/JBPAPP-2284
secalert@redhat.comhttps://rhn.redhat.com/errata/RHSA-2009-1636.htmlPatch
secalert@redhat.comhttps://rhn.redhat.com/errata/RHSA-2009-1637.htmlPatch
secalert@redhat.comhttps://rhn.redhat.com/errata/RHSA-2009-1649.htmlPatch
secalert@redhat.comhttps://rhn.redhat.com/errata/RHSA-2009-1650.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35680Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37671Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1023315
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/60898
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/60899
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/37276
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=510023Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/54700
af854a3a-2127-422b-91ae-364da2661108https://jira.jboss.org/jira/browse/JBAS-7105
af854a3a-2127-422b-91ae-364da2661108https://jira.jboss.org/jira/browse/JBPAPP-2274
af854a3a-2127-422b-91ae-364da2661108https://jira.jboss.org/jira/browse/JBPAPP-2284
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2009-1636.htmlPatch
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2009-1637.htmlPatch
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2009-1649.htmlPatch
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2009-1650.htmlPatch
Impacted products
Vendor Product Version
redhat jboss_enterprise_application_platform 4.2
redhat jboss_enterprise_application_platform 4.2
redhat jboss_enterprise_application_platform 4.2
redhat jboss_enterprise_application_platform 4.2
redhat jboss_enterprise_application_platform 4.2.0
redhat jboss_enterprise_application_platform 4.2.0
redhat jboss_enterprise_application_platform 4.2.0
redhat jboss_enterprise_application_platform 4.2.0
redhat jboss_enterprise_application_platform 4.2.0
redhat jboss_enterprise_application_platform 4.2.0
redhat jboss_enterprise_application_platform 4.2.0
redhat jboss_enterprise_application_platform 4.2.2
redhat jboss_enterprise_application_platform 4.3
redhat jboss_enterprise_application_platform 4.3
redhat jboss_enterprise_application_platform 4.3.0
redhat jboss_enterprise_application_platform 4.3.0
redhat jboss_enterprise_application_platform 4.3.0
redhat jboss_enterprise_application_platform 4.3.0
redhat jboss_enterprise_application_platform 5.1.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9830D64-C46F-4423-BE0B-0B1FDB765D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp01:*:*:*:*:*:*",
              "matchCriteriaId": "E715EAF0-DAE9-4FD5-996E-18E61C9CC703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp02:*:*:*:*:*:*",
              "matchCriteriaId": "4E6C7D0B-DBC0-4414-9C40-713E01146FA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp03:*:*:*:*:*:*",
              "matchCriteriaId": "C68C2A35-BC1E-414A-9DB1-7585435DCA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*",
              "matchCriteriaId": "599FBAC3-2E83-443B-AACB-99BBA896CB19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*",
              "matchCriteriaId": "43590B58-A1C7-4105-A00F-6C4F46A6CC5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*",
              "matchCriteriaId": "A44F907E-AE57-4213-B001-A23319B72CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*",
              "matchCriteriaId": "243ED156-851C-4897-AF59-86FCA5C9C66F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*",
              "matchCriteriaId": "125BF8B0-AF1B-4FB1-9D41-D9FB30AE23FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*",
              "matchCriteriaId": "A3E7C299-8A2D-4733-98AC-F6FA37CC1C6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07:*:*:*:*:*:*",
              "matchCriteriaId": "7398F80B-8318-40E7-A0EE-6CCF7E066C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.2:ga:*:*:*:*:*:*",
              "matchCriteriaId": "A04F68DF-F024-4349-B504-1D0588A20B20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4816097-6982-4FBA-BD34-3D24BCA5A56A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:cp01:*:*:*:*:*:*",
              "matchCriteriaId": "888B9B34-40A3-4CE3-9643-0174CC61751B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*",
              "matchCriteriaId": "2B3E4026-F98E-4AEB-9FE1-4FFBBF44AC55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*",
              "matchCriteriaId": "960A513A-CAFC-4B3D-ABD7-4659CF545C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*",
              "matchCriteriaId": "C2D8DC6D-5E39-4A53-8BB8-F998706D573F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*",
              "matchCriteriaId": "3AA2D64E-D7E7-400D-AC7E-CB2045750791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:ga:*:*:*:*:*:*",
              "matchCriteriaId": "881A0E69-23D1-4446-8355-970E50C0290F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la consola web en el servidor de aplicaciones en Red Hat JBoss Enterprise Application Platform (tambi\u00e9n conocido como JBoss EAP or JBEAP) v4.2.0 anteriores a v4.2.0.CP08, v4.2.2GA, v4.3 anteriores a v4.3.0.CP07, y v5.1.0GA  permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de los par\u00e1metros (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled  para createThresholdMonitor.jsp. NOTA: Algunos de los detalles fueron obtenidos de terceras partes."
    }
  ],
  "id": "CVE-2009-2405",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-12-15T18:30:00.407",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35680"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37671"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1023315"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/60898"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/60899"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/37276"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510023"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54700"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://jira.jboss.org/jira/browse/JBAS-7105"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://jira.jboss.org/jira/browse/JBPAPP-2274"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://jira.jboss.org/jira/browse/JBPAPP-2284"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/60898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/60899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://jira.jboss.org/jira/browse/JBAS-7105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://jira.jboss.org/jira/browse/JBPAPP-2274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://jira.jboss.org/jira/browse/JBPAPP-2284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.