CVE-2006-0254

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.

Reference

http://issues.apache.org/jira/browse/GERONIMO-1474
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://secunia.com/advisories/18485
http://secunia.com/advisories/31493
http://www.oliverkarow.de/research/geronimo_css.txt
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/archive/1/421996/100/0/threaded
http://www.securityfocus.com/bid/16260
http://www.vupen.com/english/advisories/2006/0217
https://exchange.xforce.ibmcloud.com/vulnerabilities/24158
https://exchange.xforce.ibmcloud.com/vulnerabilities/24159
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

19-10-2018 - 15:43

Objavljeno

18-01-2006 - 01:51