Versio.io

CVE-2009-2405

Common vulnerabilities & exposures (CVE)

 
Published at: 22-07-2009 02:00
Last modified: 22-07-2009 02:00
Total changes: 7

Description

CVE-2009-2405 JBoss Application Server Web Console XSS

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack complexity: Low
Attack vector: Network
Availability: None
Confidentiality: None
Integrity: Low
Privileges required: -
Scope: -
User interaction: -
Base score: 4.3
Exploitability score
Impact score
 

Verification logic

OR
AND
product=glassfish-javamail-0 AND versionEndExcluding=1.4.2-0jpp.ep1.5.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=glassfish-jsf-0 AND versionEndExcluding=1.2_13-2.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=hibernate3-1 AND versionEndExcluding=3.2.4-1.SP1_CP09.0jpp.ep1.1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=hibernate3-annotations-0 AND versionEndExcluding=3.3.1-1.11.GA_CP02.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=hibernate3-entitymanager-0 AND versionEndExcluding=3.3.2-2.5.GA_CP01.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jacorb-0 AND versionEndExcluding=2.3.0-1jpp.ep1.9.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jakarta-commons-logging-jboss-0 AND versionEndExcluding=1.1-9.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jboss-aop-0 AND versionEndExcluding=1.5.5-3.CP04.2.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jbossas-0 AND versionEndExcluding=4.2.0-5.GA_CP08.5.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jboss-common-0 AND versionEndExcluding=1.2.1-0jpp.ep1.3.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jboss-remoting-0 AND versionEndExcluding=2.2.3-3.SP1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jboss-seam-0 AND versionEndExcluding=1.2.1-1.ep1.22.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jbossts-1 AND versionEndExcluding=4.2.3-1.SP5_CP08.1jpp.ep1.1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jbossweb-0 AND versionEndExcluding=2.0.0-6.CP12.0jpp.ep1.2.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jcommon-0 AND versionEndExcluding=1.0.16-1.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jfreechart-0 AND versionEndExcluding=1.0.13-2.3.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jgroups-1 AND versionEndExcluding=2.4.7-1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=quartz-0 AND versionEndExcluding=1.5.2-1jpp.patch01.ep1.4.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=rh-eap-docs-0 AND versionEndExcluding=4.2.0-6.GA_CP08.ep1.3.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=xerces-j2-0 AND versionEndExcluding=2.7.1-9jpp.4.patch_02.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=xml-security-0 AND versionEndExcluding=1.3.0-1.3.patch01.ep1.2.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=glassfish-jsf-0 AND versionEndExcluding=1.2_13-2.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=hibernate3-1 AND versionEndExcluding=3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=hibernate3-annotations-0 AND versionEndExcluding=3.3.1-1.11GA_CP02.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=hibernate3-entitymanager-0 AND versionEndExcluding=3.3.2-2.5.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jacorb-0 AND versionEndExcluding=2.3.0-1jpp.ep1.9.1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jboss-aop-0 AND versionEndExcluding=1.5.5-3.CP04.2.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jbossas-0 AND versionEndExcluding=4.2.0-5.GA_CP08.5.2.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jboss-common-0 AND versionEndExcluding=1.2.1-0jpp.ep1.3.el5.1
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jboss-remoting-0 AND versionEndExcluding=2.2.3-3.SP1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jboss-seam-0 AND versionEndExcluding=1.2.1-1.ep1.14.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jbossts-1 AND versionEndExcluding=4.2.3-1.SP5_CP08.1jpp.ep1.1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jbossweb-0 AND versionEndExcluding=2.0.0-6.CP12.0jpp.ep1.2.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jcommon-0 AND versionEndExcluding=1.0.16-1.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jfreechart-0 AND versionEndExcluding=1.0.13-2.3.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jgroups-1 AND versionEndExcluding=2.4.7-1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=quartz-0 AND versionEndExcluding=1.5.2-1jpp.patch01.ep1.4.1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=rh-eap-docs-0 AND versionEndExcluding=4.2.0-6.GA_CP08.ep1.3.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=xml-security-0 AND versionEndExcluding=1.3.0-1.3.patch01.ep1.2.1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=glassfish-javamail-0 AND versionEndExcluding=1.4.2-0jpp.ep1.5.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=glassfish-jaxb-0 AND versionEndExcluding=2.1.4-1.12.patch03.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=glassfish-jsf-0 AND versionEndExcluding=1.2_13-2.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=hibernate3-1 AND versionEndExcluding=3.2.4-1.SP1_CP09.0jpp.ep1.1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=hibernate3-annotations-0 AND versionEndExcluding=3.3.1-1.11.GA_CP02.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=hibernate3-entitymanager-0 AND versionEndExcluding=3.3.2-2.5.GA_CP01.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jacorb-0 AND versionEndExcluding=2.3.0-1jpp.ep1.9.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jakarta-commons-logging-jboss-0 AND versionEndExcluding=1.1-9.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-aop-0 AND versionEndExcluding=1.5.5-3.CP04.2.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossas-0 AND versionEndExcluding=4.3.0-6.GA_CP07.4.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-common-0 AND versionEndExcluding=1.2.1-0jpp.ep1.3.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-messaging-0 AND versionEndExcluding=1.4.0-3.SP3_CP09.4.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-remoting-0 AND versionEndExcluding=2.2.3-3.SP1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-seam-0 AND versionEndExcluding=1.2.1-3.JBPAPP_4_3_0_GA.ep1.18.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-seam2-0 AND versionEndExcluding=2.0.2.FP-1.ep1.21.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossts-1 AND versionEndExcluding=4.2.3-1.SP5_CP08.1jpp.ep1.1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossweb-0 AND versionEndExcluding=2.0.0-6.CP12.0jpp.ep1.2.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossws-0 AND versionEndExcluding=2.0.1-4.SP2_CP07.2.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossws-common-0 AND versionEndExcluding=1.0.0-2.GA_CP05.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossws-framework-0 AND versionEndExcluding=2.0.1-1.GA_CP05.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jcommon-0 AND versionEndExcluding=1.0.16-1.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jfreechart-0 AND versionEndExcluding=1.0.13-2.3.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jgroups-1 AND versionEndExcluding=2.4.7-1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=quartz-0 AND versionEndExcluding=1.5.2-1jpp.patch01.ep1.4.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=rh-eap-docs-0 AND versionEndExcluding=4.3.0-6.GA_CP07.ep1.3.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=xerces-j2-0 AND versionEndExcluding=2.7.1-9jpp.4.patch_02.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=xml-security-0 AND versionEndExcluding=1.3.0-1.3.patch01.ep1.2.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=glassfish-jaxb-0 AND versionEndExcluding=2.1.4-1.12.patch03.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=glassfish-jsf-0 AND versionEndExcluding=1.2_13-2.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=hibernate3-1 AND versionEndExcluding=3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=hibernate3-annotations-0 AND versionEndExcluding=3.3.1-1.11GA_CP02.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=hibernate3-entitymanager-0 AND versionEndExcluding=3.3.2-2.5.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jacorb-0 AND versionEndExcluding=2.3.0-1jpp.ep1.9.1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-aop-0 AND versionEndExcluding=1.5.5-3.CP04.2.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossas-0 AND versionEndExcluding=4.3.0-6.GA_CP07.4.2.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-common-0 AND versionEndExcluding=1.2.1-0jpp.ep1.3.el5.1
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-messaging-0 AND versionEndExcluding=1.4.0-3.SP3_CP09.4.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-remoting-0 AND versionEndExcluding=2.2.3-3.SP1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-seam-0 AND versionEndExcluding=1.2.1-3.JBPAPP_4_3_0_GA.ep1.12.el5.1
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-seam2-0 AND versionEndExcluding=2.0.2.FP-1.ep1.18.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossts-1 AND versionEndExcluding=4.2.3-1.SP5_CP08.1jpp.ep1.1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossweb-0 AND versionEndExcluding=2.0.0-6.CP12.0jpp.ep1.2.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossws-0 AND versionEndExcluding=2.0.1-4.SP2_CP07.2.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossws-common-0 AND versionEndExcluding=1.0.0-2.GA_CP05.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossws-framework-0 AND versionEndExcluding=2.0.1-1.GA_CP05.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jcommon-0 AND versionEndExcluding=1.0.16-1.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jfreechart-0 AND versionEndExcluding=1.0.13-2.3.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jgroups-1 AND versionEndExcluding=2.4.7-1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=quartz-0 AND versionEndExcluding=1.5.2-1jpp.patch01.ep1.4.1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=rh-eap-docs-0 AND versionEndExcluding=4.3.0-6.GA_CP07.ep1.3.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=xml-security-0 AND versionEndExcluding=1.3.0-1.3.patch01.ep1.2.1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
 

Reference

 


Keywords

REDHAT, CVE-2009-2405, CVE, Common vulnerabilities & exposures, CVSS, Common vulnerability scoring system, Security, Vulnerabilities, Exposures
