CVE-2009-2405 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-2405 PUBLISHED CVSS 4.300000190734863 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information.

EPSS 0.78% · 73.5th percentile

Risk Scores

CVSS v2.0

4.300000190734863

EPSS Score

0.78%

73.5th percentile

Affected Products

Vendor	Product	Versions
redhat	jboss_enterprise_application_platform	5.1.0, 4.2, 4.2
n/a	n/a	n/a

Timeline

Dec 15, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 3, 2023 EPSS Score
Feb 4, 2023 EPSS Score
Feb 13, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score

References

https://jira.jboss.org/jira/browse/JBAS-7105 url
37276 vdb
1023315 vdb
60899 vdb
RHSA-2009:1637 vendor-advisory
https://jira.jboss.org/jira/browse/JBPAPP-2284 url
37671 third-party-advisory
RHSA-2009:1636 vendor-advisory
RHSA-2009:1649 vendor-advisory
60898 vdb
jboss-createsnapshot-xss(54700) vdb
https://jira.jboss.org/jira/browse/JBPAPP-2274 url
35680 third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=510023 url
RHSA-2009:1650 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2009-2405 advisory
https://access.redhat.com/errata/RHSA-2009:1636 url
https://access.redhat.com/errata/RHSA-2009:1637 url
https://access.redhat.com/errata/RHSA-2009:1649 url
https://access.redhat.com/errata/RHSA-2009:1650 url

…and 1 more

Open in Interactive Console →