SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2006-2431

Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:

SECTRACK-1017170

SECUNIA-20032

http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html

http://www.securityfocus.com/archive/1/450704/100/0/threaded

http://www.attrition.org/pipermail/vim/2006-November/001112.html

http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064

http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012163

http://www.niscc.gov.uk/niscc/docs/re-20061031-00727.pdf?lang=en

websphere-faultfactor-xss(30055)


30479



423868



248678



909



195426



282