CVE-2015-3267

Опубликовано: 09 июл. 2015

Источник: redhat

CVSS2: 4.3

Описание

Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

It was discovered that a cross-site scripting (XSS) vulnerability on a JBoss Operations Network 404 error page allowed for session fixation attacks. An attacker could use this flaw to impersonate a legitimate user, resulting in compromised integrity of secure data.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss BRMS 5	jbossweb	Under investigation
Red Hat JBoss Data Grid 6	jbossweb	Under investigation
Red Hat JBoss Enterprise Application Platform 5	jbossweb	Not affected
Red Hat JBoss Enterprise Application Platform 6	jbossweb	Not affected
Red Hat JBoss Fuse Service Works 6	jbossweb	Under investigation
Red Hat JBoss Operations Network 3	jbossweb	Affected
Red Hat JBoss SOA Platform 4	jbossweb	Under investigation
Red Hat JBoss SOA Platform 5	jbossweb	Under investigation
Red Hat JBoss Operations Network 3.3		Fixed	RHSA-2015:1525	30.07.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1237155JON: Cross Site scripting possible on the JBoss ON 404 error page

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2015-3267

nvd

больше 10 лет назад

Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

GHSA-5j8q-m7q7-vgqf

github

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3 Medium

CVSS2