CVE-2011-3606 — MEDIUM (5.4)

Vulnerability Description

A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Jboss Application Server	7.0.0

Related Weaknesses (CWE)

CWE-79

References

https://access.redhat.com/security/cve/cve-2011-3606Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3606Issue TrackingThird Party Advisory
https://security-tracker.debian.org/tracker/CVE-2011-3606Third Party Advisory
https://access.redhat.com/security/cve/cve-2011-3606Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3606Issue TrackingThird Party Advisory
https://security-tracker.debian.org/tracker/CVE-2011-3606Third Party Advisory

FAQ

What is CVE-2011-3606?

CVE-2011-3606 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the...

How severe is CVE-2011-3606?

CVE-2011-3606 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-3606?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Application Server.