CVE-2011-3606
Last modified
CVE-2011-3606 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution.. EPSS estimates a 1.05% chance of exploitation in the next 30 days.
Description
A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Application Server | 7.0.0 |
| Redhat | Jboss Application Server | 7.0.1 |
| Redhat | Jboss Application Server | 7.0.2 |
References
- https://access.redhat.com/security/cve/cve-2011-3606Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3606Issue Tracking, Third Party Advisory
- https://security-tracker.debian.org/tracker/CVE-2011-3606Third Party Advisory
- https://access.redhat.com/security/cve/cve-2011-3606Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3606Issue Tracking, Third Party Advisory
- https://security-tracker.debian.org/tracker/CVE-2011-3606Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-3606?
How severe is CVE-2011-3606?
How do I fix CVE-2011-3606?
Are you affected by CVE-2011-3606?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST