Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2006-0254
Last Modified 07 Mar 2011 09:29:39
Published 17 Jan 2006 08:51:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0254

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.

Vulnerable Systems

Application

  • Apache Geronimo 1.0


References

CONFIRM - https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create

VUPEN - ADV-2006-0217

BID - 16260

BUGTRAQ - 20060115 Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities

MISC - http://www.oliverkarow.de/research/geronimo_css.txt

SECUNIA - 18485

MISC - http://issues.apache.org/jira/browse/GERONIMO-1474

XF - geronimo-webaccesslog-viewer-xss(24159)

XF - geronimo-jspexamples-xss(24158)

REDHAT - RHSA-2008:0261

SECUNIA - 31493

REDHAT - RHSA-2008:0630


Last Updated: 27 May 2016 10:41:36