Detections
Analytics

CVE-2006-2431

medium

Description

Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/30055

http://www.vupen.com/english/advisories/2006/1736

http://www.securityfocus.com/bid/21018

http://www.securityfocus.com/archive/1/450704/100/0/threaded

http://www.osvdb.org/25371

http://www.niscc.gov.uk/niscc/docs/re-20061031-00727.pdf?lang=en

http://www.attrition.org/pipermail/vim/2006-November/001112.html

http://www-1.ibm.com/support/search.wss?rs=0&q=PK26181&apar=only

http://www-1.ibm.com/support/search.wss?rs=0&q=PK16602&apar=only

http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012163

http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064

http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang=

http://securitytracker.com/id?1017170

http://securityreason.com/securityalert/910

http://secunia.com/advisories/20032

http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html

Details

Source: Mitre, NVD

Published: 2006-05-17

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium