var-201211-0108
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2012-4563. The problem is CVE-2012-4563 This is due to an incomplete fix.By any third party Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: JBoss Operations Network 3.1.2 update Advisory ID: RHSA-2013:0187-01 Product: JBoss Operations Network Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0187.html Issue date: 2013-01-23 CVE Names: CVE-2012-5920 =====================================================================
- Summary:
JBoss Operations Network 3.1.2, which fixes one security issue and several bugs, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Description:
JBoss Operations Network (JBoss ON) is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services.
This JBoss ON 3.1.2 release serves as a replacement for JBoss ON 3.1.1, and includes several bug fixes. Refer to the JBoss ON 3.1.2 Release Notes for information on the most significant of these changes. (CVE-2012-5920)
Warning: Before applying the update, back up your existing JBoss ON installation (including its databases, applications, configuration files, the JBoss ON server's file system directory, and so on).
All users of JBoss Operations Network 3.1.1 as provided from the Red Hat Customer Portal are advised to upgrade to JBoss Operations Network 3.1.2.
- Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing JBoss ON installation (including its databases, applications, configuration files, the JBoss ON server's file system directory, and so on).
Refer to the JBoss Operations Network 3.1.2 Release Notes for installation information.
- Bugs fixed (http://bugzilla.redhat.com/):
871690 - CVE-2012-5920 GWT: unknown XSS flaw
- References:
https://www.redhat.com/security/data/cve/CVE-2012-5920.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=em&version=3.1.2 https://developers.google.com/web-toolkit/release-notes#Release_Notes_Current https://access.redhat.com/knowledge/docs/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRAFsuXlSAg2UNWIIRAoIpAJ41lcJfSCnjLt/MuybQPPRyssfrJQCfcUU5 QcJou7EXNnVFLk5ejl/pb58= =bfcd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201211-0108",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web toolkit",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "2.4"
},
{
"model": "web toolkit",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "2.5.0"
},
{
"model": "web toolkit",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "2.4.0"
},
{
"model": "web toolkit",
"scope": "eq",
"trust": 0.8,
"vendor": "google",
"version": "2.4 to 2.5 final"
},
{
"model": "trio tview software",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.27.0"
},
{
"model": "web toolkit beta",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.4"
},
{
"model": "trio tview software",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.29.0"
},
{
"model": "web toolkit ga",
"scope": "ne",
"trust": 0.3,
"vendor": "google",
"version": "2.5"
}
],
"sources": [
{
"db": "BID",
"id": "57538"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005447"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-356"
},
{
"db": "NVD",
"id": "CVE-2012-5920"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:web_toolkit",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005447"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Google",
"sources": [
{
"db": "BID",
"id": "57538"
}
],
"trust": 0.3
},
"cve": "CVE-2012-5920",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-5920",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-5920",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-5920",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201211-356",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005447"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-356"
},
{
"db": "NVD",
"id": "CVE-2012-5920"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2012-4563. The problem is CVE-2012-4563 This is due to an incomplete fix.By any third party Web Script or HTML May be inserted. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: JBoss Operations Network 3.1.2 update\nAdvisory ID: RHSA-2013:0187-01\nProduct: JBoss Operations Network\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2013-0187.html\nIssue date: 2013-01-23\nCVE Names: CVE-2012-5920 \n=====================================================================\n\n1. Summary:\n\nJBoss Operations Network 3.1.2, which fixes one security issue and several\nbugs, is now available from the Red Hat Customer Portal. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section. \n\n2. Description:\n\nJBoss Operations Network (JBoss ON) is a middleware management solution\nthat provides a single point of control to deploy, manage, and monitor\nJBoss Enterprise Middleware, applications, and services. \n\nThis JBoss ON 3.1.2 release serves as a replacement for JBoss ON 3.1.1, and\nincludes several bug fixes. Refer to the JBoss ON 3.1.2 Release Notes for\ninformation on the most significant of these changes. (CVE-2012-5920)\n\nWarning: Before applying the update, back up your existing JBoss ON\ninstallation (including its databases, applications, configuration files,\nthe JBoss ON server\u0027s file system directory, and so on). \n\nAll users of JBoss Operations Network 3.1.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Operations Network 3.1.2. \n\n3. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss ON installation (including its databases, applications,\nconfiguration files, the JBoss ON server\u0027s file system directory, and so\non). \n\nRefer to the JBoss Operations Network 3.1.2 Release Notes for installation\ninformation. \n\n4. Bugs fixed (http://bugzilla.redhat.com/):\n\n871690 - CVE-2012-5920 GWT: unknown XSS flaw\n\n5. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2012-5920.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=em\u0026version=3.1.2\nhttps://developers.google.com/web-toolkit/release-notes#Release_Notes_Current\nhttps://access.redhat.com/knowledge/docs/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2013 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFRAFsuXlSAg2UNWIIRAoIpAJ41lcJfSCnjLt/MuybQPPRyssfrJQCfcUU5\nQcJou7EXNnVFLk5ejl/pb58=\n=bfcd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-5920"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005447"
},
{
"db": "BID",
"id": "57538"
},
{
"db": "PACKETSTORM",
"id": "119755"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-5920",
"trust": 2.8
},
{
"db": "BID",
"id": "57538",
"trust": 1.3
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2012/10/31/1",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005447",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201211-356",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-213-02",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "119755",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "57538"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005447"
},
{
"db": "PACKETSTORM",
"id": "119755"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-356"
},
{
"db": "NVD",
"id": "CVE-2012-5920"
}
]
},
"id": "VAR-201211-0108",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-23T21:07:02.039000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Google Web Toolkit Release Notes",
"trust": 0.8,
"url": "https://developers.google.com/web-toolkit/release-notes"
},
{
"title": "RHSA-2013:0187",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-0187.html"
},
{
"title": "GWT 2.5.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45889"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005447"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-356"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005447"
},
{
"db": "NVD",
"id": "CVE-2012-5920"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2013-0187.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/57538"
},
{
"trust": 1.0,
"url": "https://developers.google.com/web-toolkit/release-notes#release_notes_2_4_0"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/1"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80331"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5920"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5920"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-in-google-web-toolkit-may-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2012-5920/"
},
{
"trust": 0.4,
"url": "https://developers.google.com/web-toolkit/release-notes#release_notes_current"
},
{
"trust": 0.3,
"url": "https://developers.google.com/web-toolkit/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=em\u0026version=3.1.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/knowledge/docs/"
},
{
"trust": 0.1,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-5920.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
}
],
"sources": [
{
"db": "BID",
"id": "57538"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005447"
},
{
"db": "PACKETSTORM",
"id": "119755"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-356"
},
{
"db": "NVD",
"id": "CVE-2012-5920"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "57538"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005447"
},
{
"db": "PACKETSTORM",
"id": "119755"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-356"
},
{
"db": "NVD",
"id": "CVE-2012-5920"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-01-24T00:00:00",
"db": "BID",
"id": "57538"
},
{
"date": "2012-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005447"
},
{
"date": "2013-01-24T01:45:38",
"db": "PACKETSTORM",
"id": "119755"
},
{
"date": "2012-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201211-356"
},
{
"date": "2012-11-20T00:55:01.430000",
"db": "NVD",
"id": "CVE-2012-5920"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-03T11:09:00",
"db": "BID",
"id": "57538"
},
{
"date": "2016-02-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005447"
},
{
"date": "2021-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201211-356"
},
{
"date": "2024-11-21T01:45:32.577000",
"db": "NVD",
"id": "CVE-2012-5920"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201211-356"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Google Web Toolkit Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005447"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201211-356"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…