1. CVE-Search
  2. CVE-2006-0254
ID CVE-2006-0254
Summary Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:geronimo:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:geronimo:1.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 19-10-2018 - 15:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat via4
advisories
  • rhsa
    id RHSA-2008:0261
  • rhsa
    id RHSA-2008:0630
rpms
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
  • jabberd-0:2.0s10-3.37.rhn
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-0:2.1.30-9.RHEL3.8
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-9.RHEL3.8
  • perl-Crypt-CBC-0:2.24-1.el3
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel3
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel3
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel3
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel3
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
  • jfreechart-0:0.9.20-3.rhn
  • mod_perl-0:2.0.2-12.el4
  • mod_perl-debuginfo-0:2.0.2-12.el4
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-html-0:5.1.1-7
  • tomcat5-0:5.0.30-0jpp_10rh
refmap via4
bid 16260
bugtraq 20060115 Apache Geronimo 1.0 - CSS and persistent HTML-Injectionvulnerabilities
confirm https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create
misc
secunia
  • 18485
  • 31493
vupen ADV-2006-0217
xf
  • geronimo-jspexamples-xss(24158)
  • geronimo-webaccesslog-viewer-xss(24159)
Last major update 19-10-2018 - 15:43
Published 18-01-2006 - 01:51
Last modified 19-10-2018 - 15:43
Back to Top