CVE-2011-4575

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-4575
Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://rhn.redhat.com/errata/RHSA-2013-0191.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0192.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0193.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0194.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0195.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0196.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0197.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0198.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0221.html Vendor Advisory
http://secunia.com/advisories/51984 Vendor Advisory
http://secunia.com/advisories/52054 Vendor Advisory
http://www.osvdb.org/89578
http://www.securityfocus.com/bid/57548
https://bugzilla.redhat.com/show_bug.cgi?id=760387
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*
History

13 Feb 2023, 00:21

Type Values Removed Values Added
Summary It was found that the parameters passed to operation invocations on the JMX console were not properly sanitized. Remote attackers could use this flaw to inject arbitrary web script or HTML into the JMX console. Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2013:0533', 'name': 'https://access.redhat.com/errata/RHSA-2013:0533', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2013:0191', 'name': 'https://access.redhat.com/errata/RHSA-2013:0191', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2013:0196', 'name': 'https://access.redhat.com/errata/RHSA-2013:0196', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2011-4575', 'name': 'https://access.redhat.com/security/cve/CVE-2011-4575', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2013:0194', 'name': 'https://access.redhat.com/errata/RHSA-2013:0194', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2013:0197', 'name': 'https://access.redhat.com/errata/RHSA-2013:0197', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2013:0192', 'name': 'https://access.redhat.com/errata/RHSA-2013:0192', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2013:0221', 'name': 'https://access.redhat.com/errata/RHSA-2013:0221', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2013:0193', 'name': 'https://access.redhat.com/errata/RHSA-2013:0193', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2013:0198', 'name': 'https://access.redhat.com/errata/RHSA-2013:0198', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2013:0195', 'name': 'https://access.redhat.com/errata/RHSA-2013:0195', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 18:15

Type Values Removed Values Added
Summary Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. It was found that the parameters passed to operation invocations on the JMX console were not properly sanitized. Remote attackers could use this flaw to inject arbitrary web script or HTML into the JMX console.
References
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0533 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0191 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0196 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2011-4575 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0194 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0197 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0192 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0221 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0193 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0198 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0195 -
Information

Published : 2013-02-05 23:55

Updated : 2023-12-10 11:16

NVD link : CVE-2011-4575

Mitre link : CVE-2011-4575

CVE.ORG link : CVE-2011-4575

JSON object : View

Products Affected

redhat

  • jboss_enterprise_web_platform
  • jboss_enterprise_brms_platform
  • jboss_enterprise_application_platform
CWE
CWE-20

Improper Input Validation