CVE-2009-1380 - Vulnerability Details

Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key property and the position of quote and colon characters.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Jboss Enterprise Application Platform

Configuration 1 [-]

OR	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp01::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp02::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp03::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:cp01::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04::::::

Package	CPE	Advisory	Released Date
JBEAP 4.2.0 for RHEL 4
glassfish-javamail-0:1.4.2-0jpp.ep1.5.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
glassfish-jsf-0:1.2_13-2.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
hibernate3-annotations-0:3.3.1-1.11.GA_CP02.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
hibernate3-entitymanager-0:3.3.2-2.5.GA_CP01.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jacorb-0:2.3.0-1jpp.ep1.9.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jakarta-commons-logging-jboss-0:1.1-9.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jboss-aop-0:1.5.5-3.CP04.2.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jbossas-0:4.2.0-5.GA_CP08.5.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jboss-common-0:1.2.1-0jpp.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jboss-remoting-0:2.2.3-3.SP1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.22.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jcommon-0:1.0.16-1.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jfreechart-0:1.0.13-2.3.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jgroups-1:2.4.7-1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
quartz-0:1.5.2-1jpp.patch01.ep1.4.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
rh-eap-docs-0:4.2.0-6.GA_CP08.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
xerces-j2-0:2.7.1-9jpp.4.patch_02.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
xml-security-0:1.3.0-1.3.patch01.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
JBEAP 4.2.0 for RHEL 5
glassfish-jsf-0:1.2_13-2.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
hibernate3-annotations-0:3.3.1-1.11GA_CP02.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
hibernate3-entitymanager-0:3.3.2-2.5.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jacorb-0:2.3.0-1jpp.ep1.9.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jboss-aop-0:1.5.5-3.CP04.2.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jbossas-0:4.2.0-5.GA_CP08.5.2.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jboss-common-0:1.2.1-0jpp.ep1.3.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jboss-remoting-0:2.2.3-3.SP1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.14.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jcommon-0:1.0.16-1.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jfreechart-0:1.0.13-2.3.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jgroups-1:2.4.7-1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
quartz-0:1.5.2-1jpp.patch01.ep1.4.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
rh-eap-docs-0:4.2.0-6.GA_CP08.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
xml-security-0:1.3.0-1.3.patch01.ep1.2.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4
glassfish-javamail-0:1.4.2-0jpp.ep1.5.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
glassfish-jaxb-0:2.1.4-1.12.patch03.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
glassfish-jsf-0:1.2_13-2.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
hibernate3-annotations-0:3.3.1-1.11.GA_CP02.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
hibernate3-entitymanager-0:3.3.2-2.5.GA_CP01.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jacorb-0:2.3.0-1jpp.ep1.9.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jakarta-commons-logging-jboss-0:1.1-9.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jboss-aop-0:1.5.5-3.CP04.2.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jbossas-0:4.3.0-6.GA_CP07.4.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jboss-common-0:1.2.1-0jpp.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jboss-messaging-0:1.4.0-3.SP3_CP09.4.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jboss-remoting-0:2.2.3-3.SP1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.18.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jboss-seam2-0:2.0.2.FP-1.ep1.21.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jbossws-0:2.0.1-4.SP2_CP07.2.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jbossws-common-0:1.0.0-2.GA_CP05.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jbossws-framework-0:2.0.1-1.GA_CP05.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jcommon-0:1.0.16-1.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jfreechart-0:1.0.13-2.3.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jgroups-1:2.4.7-1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
quartz-0:1.5.2-1jpp.patch01.ep1.4.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
rh-eap-docs-0:4.3.0-6.GA_CP07.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
xerces-j2-0:2.7.1-9jpp.4.patch_02.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
xml-security-0:1.3.0-1.3.patch01.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5
glassfish-jaxb-0:2.1.4-1.12.patch03.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
glassfish-jsf-0:1.2_13-2.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
hibernate3-annotations-0:3.3.1-1.11GA_CP02.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
hibernate3-entitymanager-0:3.3.2-2.5.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jacorb-0:2.3.0-1jpp.ep1.9.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jboss-aop-0:1.5.5-3.CP04.2.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jbossas-0:4.3.0-6.GA_CP07.4.2.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jboss-common-0:1.2.1-0jpp.ep1.3.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jboss-messaging-0:1.4.0-3.SP3_CP09.4.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jboss-remoting-0:2.2.3-3.SP1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.12.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jboss-seam2-0:2.0.2.FP-1.ep1.18.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jbossws-0:2.0.1-4.SP2_CP07.2.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jbossws-common-0:1.0.0-2.GA_CP05.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jbossws-framework-0:2.0.1-1.GA_CP05.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jcommon-0:1.0.16-1.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jfreechart-0:1.0.13-2.3.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jgroups-1:2.4.7-1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
quartz-0:1.5.2-1jpp.patch01.ep1.4.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
rh-eap-docs-0:4.3.0-6.GA_CP07.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
xml-security-0:1.3.0-1.3.patch01.ep1.2.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z

References

Link	Providers
http://secunia.com/advisories/37671
http://securitytracker.com/id?1023315
http://www.securityfocus.com/bid/37276
https://bugzilla.redhat.com/show_bug.cgi?id=511224
https://exchange.xforce.ibmcloud.com/vulnerabilities/54698
https://jira.jboss.org/jira/browse/JBPAPP-1983
https://nvd.nist.gov/vuln/detail/CVE-2009-1380
https://rhn.redhat.com/errata/RHSA-2009-1636.html
https://rhn.redhat.com/errata/RHSA-2009-1637.html
https://rhn.redhat.com/errata/RHSA-2009-1649.html
https://rhn.redhat.com/errata/RHSA-2009-1650.html
https://www.cve.org/CVERecord?id=CVE-2009-1380

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-12-15T18:00:00

Updated: 2024-08-07T05:13:25.535Z

Reserved: 2009-04-23T00:00:00

Link: CVE-2009-1380

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-12-15T18:30:00.377

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-1380

Redhat

Severity : Low

Publid Date: 2009-12-09T00:00:00Z

Links: CVE-2009-1380 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-12-09T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key property and the position of quote and colon characters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "37276", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37276"}, {"name": "1023315", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1023315"}, {"name": "RHSA-2009:1637", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"}, {"name": "jboss-enterprise-jmxconsole-xss(54698)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54698"}, {"name": "37671", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37671"}, {"name": "RHSA-2009:1636", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"}, {"name": "RHSA-2009:1649", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://jira.jboss.org/jira/browse/JBPAPP-1983"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511224"}, {"name": "RHSA-2009:1650", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:13:25.535Z"}, "title": "CVE Program Container", "references": [{"name": "37276", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37276"}, {"name": "1023315", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1023315"}, {"name": "RHSA-2009:1637", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"}, {"name": "jboss-enterprise-jmxconsole-xss(54698)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54698"}, {"name": "37671", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37671"}, {"name": "RHSA-2009:1636", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"}, {"name": "RHSA-2009:1649", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jira.jboss.org/jira/browse/JBPAPP-1983"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511224"}, {"name": "RHSA-2009:1650", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1380", "datePublished": "2009-12-15T18:00:00", "dateReserved": "2009-04-23T00:00:00", "dateUpdated": "2024-08-07T05:13:25.535Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp01:*:*:*:*:*:*", "matchCriteriaId": "E715EAF0-DAE9-4FD5-996E-18E61C9CC703", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp02:*:*:*:*:*:*", "matchCriteriaId": "4E6C7D0B-DBC0-4414-9C40-713E01146FA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp03:*:*:*:*:*:*", "matchCriteriaId": "C68C2A35-BC1E-414A-9DB1-7585435DCA33", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*", "matchCriteriaId": "599FBAC3-2E83-443B-AACB-99BBA896CB19", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*", "matchCriteriaId": "43590B58-A1C7-4105-A00F-6C4F46A6CC5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*", "matchCriteriaId": "A44F907E-AE57-4213-B001-A23319B72CF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*", "matchCriteriaId": "243ED156-851C-4897-AF59-86FCA5C9C66F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*", "matchCriteriaId": "125BF8B0-AF1B-4FB1-9D41-D9FB30AE23FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*", "matchCriteriaId": "A3E7C299-8A2D-4733-98AC-F6FA37CC1C6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07:*:*:*:*:*:*", "matchCriteriaId": "7398F80B-8318-40E7-A0EE-6CCF7E066C03", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:cp01:*:*:*:*:*:*", "matchCriteriaId": "888B9B34-40A3-4CE3-9643-0174CC61751B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*", "matchCriteriaId": "2B3E4026-F98E-4AEB-9FE1-4FFBBF44AC55", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*", "matchCriteriaId": "960A513A-CAFC-4B3D-ABD7-4659CF545C73", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*", "matchCriteriaId": "C2D8DC6D-5E39-4A53-8BB8-F998706D573F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*", "matchCriteriaId": "3AA2D64E-D7E7-400D-AC7E-CB2045750791", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key property and the position of quote and colon characters."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en JMX-Console en JBossAs en Red Hat JBoss Enterprise Application Platform (tambien conocida como JBoss EAP or JBEAP) v4.2 anteriores a v4.2.0.CP08 y v4.3 anteriores a v4.3.0.CP07 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro filtro, relacionado con la propiedad \"key\" y la posici\u00f3n de los caracteres comilla y dos puntos."}], "id": "CVE-2009-1380", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-12-15T18:30:00.377", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37671"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1023315"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/37276"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511224"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54698"}, {"source": "secalert@redhat.com", "url": "https://jira.jboss.org/jira/browse/JBPAPP-1983"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"}, {"source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37671"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023315"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37276"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54698"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jira.jboss.org/jira/browse/JBPAPP-1983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "glassfish-javamail-0:1.4.2-0jpp.ep1.5.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "glassfish-jsf-0:1.2_13-2.1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-annotations-0:3.3.1-1.11.GA_CP02.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-entitymanager-0:3.3.2-2.5.GA_CP01.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jacorb-0:2.3.0-1jpp.ep1.9.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jakarta-commons-logging-jboss-0:1.1-9.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-aop-0:1.5.5-3.CP04.2.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossas-0:4.2.0-5.GA_CP08.5.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-common-0:1.2.1-0jpp.ep1.3.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-remoting-0:2.2.3-3.SP1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-seam-0:1.2.1-1.ep1.22.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jcommon-0:1.0.16-1.1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jfreechart-0:1.0.13-2.3.1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jgroups-1:2.4.7-1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "quartz-0:1.5.2-1jpp.patch01.ep1.4.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "rh-eap-docs-0:4.2.0-6.GA_CP08.ep1.3.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "xerces-j2-0:2.7.1-9jpp.4.patch_02.1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "xml-security-0:1.3.0-1.3.patch01.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "glassfish-jsf-0:1.2_13-2.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-annotations-0:3.3.1-1.11GA_CP02.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-entitymanager-0:3.3.2-2.5.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jacorb-0:2.3.0-1jpp.ep1.9.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-aop-0:1.5.5-3.CP04.2.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossas-0:4.2.0-5.GA_CP08.5.2.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-common-0:1.2.1-0jpp.ep1.3.el5.1", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-remoting-0:2.2.3-3.SP1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-seam-0:1.2.1-1.ep1.14.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jcommon-0:1.0.16-1.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jfreechart-0:1.0.13-2.3.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jgroups-1:2.4.7-1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "quartz-0:1.5.2-1jpp.patch01.ep1.4.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "rh-eap-docs-0:4.2.0-6.GA_CP08.ep1.3.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "xml-security-0:1.3.0-1.3.patch01.ep1.2.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-javamail-0:1.4.2-0jpp.ep1.5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-jaxb-0:2.1.4-1.12.patch03.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-jsf-0:1.2_13-2.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-annotations-0:3.3.1-1.11.GA_CP02.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-entitymanager-0:3.3.2-2.5.GA_CP01.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jacorb-0:2.3.0-1jpp.ep1.9.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jakarta-commons-logging-jboss-0:1.1-9.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-aop-0:1.5.5-3.CP04.2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossas-0:4.3.0-6.GA_CP07.4.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-common-0:1.2.1-0jpp.ep1.3.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-messaging-0:1.4.0-3.SP3_CP09.4.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-remoting-0:2.2.3-3.SP1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.18.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-seam2-0:2.0.2.FP-1.ep1.21.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-0:2.0.1-4.SP2_CP07.2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-common-0:1.0.0-2.GA_CP05.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-framework-0:2.0.1-1.GA_CP05.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jcommon-0:1.0.16-1.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jfreechart-0:1.0.13-2.3.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jgroups-1:2.4.7-1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "quartz-0:1.5.2-1jpp.patch01.ep1.4.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "rh-eap-docs-0:4.3.0-6.GA_CP07.ep1.3.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "xerces-j2-0:2.7.1-9jpp.4.patch_02.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "xml-security-0:1.3.0-1.3.patch01.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jaxb-0:2.1.4-1.12.patch03.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jsf-0:1.2_13-2.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-annotations-0:3.3.1-1.11GA_CP02.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-entitymanager-0:3.3.2-2.5.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jacorb-0:2.3.0-1jpp.ep1.9.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-aop-0:1.5.5-3.CP04.2.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossas-0:4.3.0-6.GA_CP07.4.2.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-common-0:1.2.1-0jpp.ep1.3.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-messaging-0:1.4.0-3.SP3_CP09.4.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-remoting-0:2.2.3-3.SP1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.12.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-seam2-0:2.0.2.FP-1.ep1.18.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-0:2.0.1-4.SP2_CP07.2.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-common-0:1.0.0-2.GA_CP05.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-framework-0:2.0.1-1.GA_CP05.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jcommon-0:1.0.16-1.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jfreechart-0:1.0.13-2.3.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jgroups-1:2.4.7-1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "quartz-0:1.5.2-1jpp.patch01.ep1.4.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "rh-eap-docs-0:4.3.0-6.GA_CP07.ep1.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "xml-security-0:1.3.0-1.3.patch01.ep1.2.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}], "bugzilla": {"description": "jbossas JMX-Console cross-site-scripting in filter parameter", "id": "511224", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511224"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key property and the position of quote and colon characters."], "name": "CVE-2009-1380", "public_date": "2009-12-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-1380\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-1380"], "threat_severity": "Low"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object