Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2006-2431
Last Modified 09 May 2011 12:00:00
Published 17 May 2006 06:06:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2431

Summary

Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous.

Vulnerable Systems

Application

  • IBM WebSphere Application Server 5.0.0
  • IBM WebSphere Application Server 5.0.1
  • IBM WebSphere Application Server 5.0.2
  • IBM WebSphere Application Server 5.1.0
  • IBM WebSphere Application Server 5.1.0.2
  • IBM WebSphere Application Server 5.1.0.3
  • IBM WebSphere Application Server 5.1.0.4
  • IBM WebSphere Application Server 5.1.0.5
  • IBM WebSphere Application Server 5.1.1
  • IBM WebSphere Application Server 5.1.1.1
  • IBM WebSphere Application Server 5.1.1.10
  • IBM WebSphere Application Server 5.1.1.11
  • IBM WebSphere Application Server 6.0.2
  • IBM WebSphere Application Server 6.0.2.1
  • IBM WebSphere Application Server 6.0.2.2
  • IBM WebSphere Application Server 6.0.2.3
  • IBM WebSphere Application Server 6.0.2.4
  • IBM WebSphere Application Server 6.0.2.5
  • IBM WebSphere Application Server 6.0.2.6
  • IBM WebSphere Application Server 6.0.2.7


References

AIXAPAR - PK16602

CONFIRM - http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012163

CONFIRM - http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064

AIXAPAR - PK22416

SECUNIA - 20032

BUGTRAQ - 20060509 IBM Websphere Application Server Multiple Vulnerabilities

XF - websphere-faultfactor-xss(30055)

VUPEN - ADV-2006-1736

BID - 21018

BUGTRAQ - 20061106 Cross Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server

OSVDB - 25371

MISC - http://www.niscc.gov.uk/niscc/docs/re-20061031-00727.pdf?lang=en

VIM - 20061107 Minimizing error cascades in vulnerability information management

AIXAPAR - PK26181

SECTRACK - 1017170

SREASON - 910


Last Updated: 27 May 2016 10:42:28