Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-2431

Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous.

Published

2006-05-17T10:06:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	websphere_application_server	5.0.0	Yes
Application	ibm	websphere_application_server	5.0.1	Yes
Application	ibm	websphere_application_server	5.0.2	Yes
Application	ibm	websphere_application_server	5.1.0	Yes
Application	ibm	websphere_application_server	5.1.0.2	Yes
Application	ibm	websphere_application_server	5.1.0.3	Yes
Application	ibm	websphere_application_server	5.1.0.4	Yes
Application	ibm	websphere_application_server	5.1.0.5	Yes
Application	ibm	websphere_application_server	5.1.1	Yes
Application	ibm	websphere_application_server	5.1.1.1	Yes
Application	ibm	websphere_application_server	5.1.1.10	Yes
Application	ibm	websphere_application_server	5.1.1.11	Yes
Application	ibm	websphere_application_server	6.0.2	Yes
Application	ibm	websphere_application_server	6.0.2.1	Yes
Application	ibm	websphere_application_server	6.0.2.2	Yes
Application	ibm	websphere_application_server	6.0.2.3	Yes
Application	ibm	websphere_application_server	6.0.2.4	Yes
Application	ibm	websphere_application_server	6.0.2.5	Yes
Application	ibm	websphere_application_server	6.0.2.6	Yes
Application	ibm	websphere_application_server	6.0.2.7	Yes

References

http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html Patch ([email protected])
http://secunia.com/advisories/20032 Patch, Vendor Advisory ([email protected])
http://securityreason.com/securityalert/910 ([email protected])
http://securitytracker.com/id?1017170 ([email protected])
http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang= Patch ([email protected])
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064 Patch ([email protected])
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012163 Patch ([email protected])
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16602&apar=only Patch ([email protected])
http://www-1.ibm.com/support/search.wss?rs=0&q=PK26181&apar=only ([email protected])
http://www.attrition.org/pipermail/vim/2006-November/001112.html ([email protected])
http://www.niscc.gov.uk/niscc/docs/re-20061031-00727.pdf?lang=en ([email protected])
http://www.osvdb.org/25371 ([email protected])
http://www.securityfocus.com/archive/1/450704/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/21018 ([email protected])
http://www.vupen.com/english/advisories/2006/1736 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/30055 ([email protected])
http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20032 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/910 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1017170 (af854a3a-2127-422b-91ae-364da2661108)
http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang= Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012163 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16602&apar=only Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www-1.ibm.com/support/search.wss?rs=0&q=PK26181&apar=only (af854a3a-2127-422b-91ae-364da2661108)
http://www.attrition.org/pipermail/vim/2006-November/001112.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.niscc.gov.uk/niscc/docs/re-20061031-00727.pdf?lang=en (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/25371 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/450704/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/21018 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/1736 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30055 (af854a3a-2127-422b-91ae-364da2661108)