Back to search
CVE-2006-2431
Published: May 17, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
websphere-faultfactor-xss(30055)
vdb-entry
x_refsource_XF
http://www.niscc.gov.uk/niscc/docs/re-20061031-00727.pdf?lang=en
x_refsource_MISC
PK16602
vendor-advisory
x_refsource_AIXAPAR
PK26181
vendor-advisory
x_refsource_AIXAPAR
25371
vdb-entry
x_refsource_OSVDB
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064
x_refsource_CONFIRM
21018
vdb-entry
x_refsource_BID
PK22416
vendor-advisory
x_refsource_AIXAPAR
910
third-party-advisory
x_refsource_SREASON
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012163
x_refsource_CONFIRM
20061106 Cross Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server
mailing-list
x_refsource_BUGTRAQ
ADV-2006-1736
vdb-entry
x_refsource_VUPEN
20032
third-party-advisory
x_refsource_SECUNIA
20060509 IBM Websphere Application Server Multiple Vulnerabilities
mailing-list
x_refsource_BUGTRAQ
1017170
vdb-entry
x_refsource_SECTRACK
20061107 Minimizing error cascades in vulnerability information management
mailing-list
x_refsource_VIM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now