Vulnerability Description
Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key property and the position of quote and colon characters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss Enterprise Application Platform | 4.2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/37671 (Vendor Advisory)
- http://securitytracker.com/id?1023315
- http://www.securityfocus.com/bid/37276
- https://bugzilla.redhat.com/show_bug.cgi?id=511224 (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54698
- https://jira.jboss.org/jira/browse/JBPAPP-1983
- https://rhn.redhat.com/errata/RHSA-2009-1636.html (Vendor Advisory)
- https://rhn.redhat.com/errata/RHSA-2009-1637.html
- https://rhn.redhat.com/errata/RHSA-2009-1649.html (Vendor Advisory)
- https://rhn.redhat.com/errata/RHSA-2009-1650.html (Vendor Advisory)
FAQ
What is CVE-2009-1380?
CVE-2009-1380 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remo...
How severe is CVE-2009-1380?
CVE-2009-1380 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-1380?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat JBoss Enterprise Application Platform.