CVE-2006-2431
Summary
| CVE | CVE-2006-2431 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-05-17 10:06:00 UTC |
| Updated | 2018-10-18 16:39:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | IBM | WebSphere Application Server | 5.0.0 | All | All | All |
| Application | IBM | WebSphere Application Server | 5.0.1 | All | All | All |
| Application | IBM | WebSphere Application Server | 5.0.2 | All | All | All |
| Application | IBM | WebSphere Application Server | 5.1.0 | All | All | All |
| Application | IBM | WebSphere Application Server | 5.1.0.2 | All | All | All |
| Application | IBM | WebSphere Application Server | 5.1.0.3 | All | All | All |
| Application | IBM | WebSphere Application Server | 5.1.0.4 | All | All | All |
| Application | IBM | WebSphere Application Server | 5.1.0.5 | All | All | All |
| Application | IBM | WebSphere Application Server | 5.1.1 | All | All | All |
| Application | IBM | WebSphere Application Server | 5.1.1.1 | All | All | All |
| Application | IBM | WebSphere Application Server | 5.1.1.10 | All | All | All |
| Application | IBM | WebSphere Application Server | 5.1.1.11 | All | All | All |
| Application | IBM | WebSphere Application Server | 6.0.2 | All | All | All |
| Application | IBM | WebSphere Application Server | 6.0.2.1 | All | All | All |
| Application | IBM | WebSphere Application Server | 6.0.2.2 | All | All | All |
| Application | IBM | WebSphere Application Server | 6.0.2.3 | All | All | All |
| Application | IBM | WebSphere Application Server | 6.0.2.4 | All | All | All |
| Application | IBM | WebSphere Application Server | 6.0.2.5 | All | All | All |
| Application | IBM | WebSphere Application Server | 6.0.2.6 | All | All | All |
| Application | IBM | WebSphere Application Server | 6.0.2.7 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM Websphere Application Server Multiple Vulnerabilities - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| IBM notice: The page you requested cannot be displayed | AIXAPAR | www-1.ibm.com | Patch |
| Search results | AIXAPAR | www-1.ibm.com | Patch |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| SecurityTracker.com Archives - IBM WebSphere Application Server Input Validation Hole in Error Page 'faultactor' Parameter Permits Cross-Site Scripting Attacks | SECTRACK | securitytracker.com | |
| www.niscc.gov.uk/niscc/docs/re-20061031-00727.pdf | MISC | www.niscc.gov.uk | |
| IBM notice: The page you requested cannot be displayed | CONFIRM | www-1.ibm.com | Patch |
| IBM WebSphere Faultactor Cross-Site Scripting Vulnerability | BID | www.securityfocus.com | |
| 25371 | OSVDB | www.osvdb.org | |
| Neohapsis Archives - Bugtraq - #0175 - IBM Websphere Application Server Multiple Vulnerabilities | BUGTRAQ | archives.neohapsis.com | Patch |
| SecurityReason - IBM Websphere Application Server Multiple Vulnerabilities | SREASON | securityreason.com | |
| Search results | AIXAPAR | www-1.ibm.com | |
| [VIM] Minimizing error cascades in vulnerability information management | VIM | www.attrition.org | |
| IBM notice: The page you requested cannot be displayed | CONFIRM | www-1.ibm.com | Patch |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.