CVE-2009-2405 - Vulnerability Details

Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Jboss Enterprise Application Platform

Configuration 1 [-]

OR	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp01::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp02::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp03::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.2:ga::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:cp01::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:ga::::::

Package	CPE	Advisory	Released Date
JBEAP 4.2.0 for RHEL 4
glassfish-javamail-0:1.4.2-0jpp.ep1.5.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
glassfish-jsf-0:1.2_13-2.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
hibernate3-annotations-0:3.3.1-1.11.GA_CP02.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
hibernate3-entitymanager-0:3.3.2-2.5.GA_CP01.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jacorb-0:2.3.0-1jpp.ep1.9.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jakarta-commons-logging-jboss-0:1.1-9.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jboss-aop-0:1.5.5-3.CP04.2.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jbossas-0:4.2.0-5.GA_CP08.5.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jboss-common-0:1.2.1-0jpp.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jboss-remoting-0:2.2.3-3.SP1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.22.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jcommon-0:1.0.16-1.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jfreechart-0:1.0.13-2.3.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
jgroups-1:2.4.7-1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
quartz-0:1.5.2-1jpp.patch01.ep1.4.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
rh-eap-docs-0:4.2.0-6.GA_CP08.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
xerces-j2-0:2.7.1-9jpp.4.patch_02.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
xml-security-0:1.3.0-1.3.patch01.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1637	2009-12-09T00:00:00Z
JBEAP 4.2.0 for RHEL 5
glassfish-jsf-0:1.2_13-2.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
hibernate3-annotations-0:3.3.1-1.11GA_CP02.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
hibernate3-entitymanager-0:3.3.2-2.5.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jacorb-0:2.3.0-1jpp.ep1.9.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jboss-aop-0:1.5.5-3.CP04.2.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jbossas-0:4.2.0-5.GA_CP08.5.2.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jboss-common-0:1.2.1-0jpp.ep1.3.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jboss-remoting-0:2.2.3-3.SP1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.14.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jcommon-0:1.0.16-1.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jfreechart-0:1.0.13-2.3.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
jgroups-1:2.4.7-1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
quartz-0:1.5.2-1jpp.patch01.ep1.4.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
rh-eap-docs-0:4.2.0-6.GA_CP08.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
xml-security-0:1.3.0-1.3.patch01.ep1.2.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1650	2009-12-10T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4
glassfish-javamail-0:1.4.2-0jpp.ep1.5.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
glassfish-jaxb-0:2.1.4-1.12.patch03.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
glassfish-jsf-0:1.2_13-2.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
hibernate3-annotations-0:3.3.1-1.11.GA_CP02.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
hibernate3-entitymanager-0:3.3.2-2.5.GA_CP01.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jacorb-0:2.3.0-1jpp.ep1.9.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jakarta-commons-logging-jboss-0:1.1-9.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jboss-aop-0:1.5.5-3.CP04.2.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jbossas-0:4.3.0-6.GA_CP07.4.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jboss-common-0:1.2.1-0jpp.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jboss-messaging-0:1.4.0-3.SP3_CP09.4.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jboss-remoting-0:2.2.3-3.SP1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.18.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jboss-seam2-0:2.0.2.FP-1.ep1.21.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jbossws-0:2.0.1-4.SP2_CP07.2.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jbossws-common-0:1.0.0-2.GA_CP05.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jbossws-framework-0:2.0.1-1.GA_CP05.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jcommon-0:1.0.16-1.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jfreechart-0:1.0.13-2.3.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
jgroups-1:2.4.7-1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
quartz-0:1.5.2-1jpp.patch01.ep1.4.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
rh-eap-docs-0:4.3.0-6.GA_CP07.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
xerces-j2-0:2.7.1-9jpp.4.patch_02.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
xml-security-0:1.3.0-1.3.patch01.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1636	2009-12-09T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5
glassfish-jaxb-0:2.1.4-1.12.patch03.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
glassfish-jsf-0:1.2_13-2.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
hibernate3-annotations-0:3.3.1-1.11GA_CP02.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
hibernate3-entitymanager-0:3.3.2-2.5.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jacorb-0:2.3.0-1jpp.ep1.9.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jboss-aop-0:1.5.5-3.CP04.2.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jbossas-0:4.3.0-6.GA_CP07.4.2.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jboss-common-0:1.2.1-0jpp.ep1.3.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jboss-messaging-0:1.4.0-3.SP3_CP09.4.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jboss-remoting-0:2.2.3-3.SP1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.12.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jboss-seam2-0:2.0.2.FP-1.ep1.18.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jbossws-0:2.0.1-4.SP2_CP07.2.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jbossws-common-0:1.0.0-2.GA_CP05.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jbossws-framework-0:2.0.1-1.GA_CP05.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jcommon-0:1.0.16-1.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jfreechart-0:1.0.13-2.3.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
jgroups-1:2.4.7-1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
quartz-0:1.5.2-1jpp.patch01.ep1.4.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
rh-eap-docs-0:4.3.0-6.GA_CP07.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z
xml-security-0:1.3.0-1.3.patch01.ep1.2.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1649	2009-12-09T00:00:00Z

References

Link	Providers
http://secunia.com/advisories/35680
http://secunia.com/advisories/37671
http://securitytracker.com/id?1023315
http://www.osvdb.org/60898
http://www.osvdb.org/60899
http://www.securityfocus.com/bid/37276
https://bugzilla.redhat.com/show_bug.cgi?id=510023
https://exchange.xforce.ibmcloud.com/vulnerabilities/54700
https://jira.jboss.org/jira/browse/JBAS-7105
https://jira.jboss.org/jira/browse/JBPAPP-2274
https://jira.jboss.org/jira/browse/JBPAPP-2284
https://nvd.nist.gov/vuln/detail/CVE-2009-2405
https://rhn.redhat.com/errata/RHSA-2009-1636.html
https://rhn.redhat.com/errata/RHSA-2009-1637.html
https://rhn.redhat.com/errata/RHSA-2009-1649.html
https://rhn.redhat.com/errata/RHSA-2009-1650.html
https://www.cve.org/CVERecord?id=CVE-2009-2405

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-12-15T18:00:00

Updated: 2024-08-07T05:52:15.197Z

Reserved: 2009-07-09T00:00:00

Link: CVE-2009-2405

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-12-15T18:30:00.407

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-2405

Redhat

Severity : Moderate

Publid Date: 2009-07-22T00:00:00Z

Links: CVE-2009-2405 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-12-09T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.jboss.org/jira/browse/JBAS-7105"}, {"name": "37276", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37276"}, {"name": "1023315", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1023315"}, {"name": "60899", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/60899"}, {"name": "RHSA-2009:1637", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"}, {"tags": ["x_refsource_MISC"], "url": "https://jira.jboss.org/jira/browse/JBPAPP-2284"}, {"name": "37671", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37671"}, {"name": "RHSA-2009:1636", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"}, {"name": "RHSA-2009:1649", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"}, {"name": "60898", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/60898"}, {"name": "jboss-createsnapshot-xss(54700)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54700"}, {"tags": ["x_refsource_MISC"], "url": "https://jira.jboss.org/jira/browse/JBPAPP-2274"}, {"name": "35680", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35680"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510023"}, {"name": "RHSA-2009:1650", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:52:15.197Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.jboss.org/jira/browse/JBAS-7105"}, {"name": "37276", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37276"}, {"name": "1023315", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1023315"}, {"name": "60899", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/60899"}, {"name": "RHSA-2009:1637", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.jboss.org/jira/browse/JBPAPP-2284"}, {"name": "37671", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37671"}, {"name": "RHSA-2009:1636", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"}, {"name": "RHSA-2009:1649", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"}, {"name": "60898", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/60898"}, {"name": "jboss-createsnapshot-xss(54700)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54700"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.jboss.org/jira/browse/JBPAPP-2274"}, {"name": "35680", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35680"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510023"}, {"name": "RHSA-2009:1650", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-2405", "datePublished": "2009-12-15T18:00:00", "dateReserved": "2009-07-09T00:00:00", "dateUpdated": "2024-08-07T05:52:15.197Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9830D64-C46F-4423-BE0B-0B1FDB765D62", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp01:*:*:*:*:*:*", "matchCriteriaId": "E715EAF0-DAE9-4FD5-996E-18E61C9CC703", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp02:*:*:*:*:*:*", "matchCriteriaId": "4E6C7D0B-DBC0-4414-9C40-713E01146FA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp03:*:*:*:*:*:*", "matchCriteriaId": "C68C2A35-BC1E-414A-9DB1-7585435DCA33", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*", "matchCriteriaId": "599FBAC3-2E83-443B-AACB-99BBA896CB19", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*", "matchCriteriaId": "43590B58-A1C7-4105-A00F-6C4F46A6CC5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*", "matchCriteriaId": "A44F907E-AE57-4213-B001-A23319B72CF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*", "matchCriteriaId": "243ED156-851C-4897-AF59-86FCA5C9C66F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*", "matchCriteriaId": "125BF8B0-AF1B-4FB1-9D41-D9FB30AE23FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*", "matchCriteriaId": "A3E7C299-8A2D-4733-98AC-F6FA37CC1C6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07:*:*:*:*:*:*", "matchCriteriaId": "7398F80B-8318-40E7-A0EE-6CCF7E066C03", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.2:ga:*:*:*:*:*:*", "matchCriteriaId": "A04F68DF-F024-4349-B504-1D0588A20B20", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "D4816097-6982-4FBA-BD34-3D24BCA5A56A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:cp01:*:*:*:*:*:*", "matchCriteriaId": "888B9B34-40A3-4CE3-9643-0174CC61751B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*", "matchCriteriaId": "2B3E4026-F98E-4AEB-9FE1-4FFBBF44AC55", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*", "matchCriteriaId": "960A513A-CAFC-4B3D-ABD7-4659CF545C73", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*", "matchCriteriaId": "C2D8DC6D-5E39-4A53-8BB8-F998706D573F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*", "matchCriteriaId": "3AA2D64E-D7E7-400D-AC7E-CB2045750791", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:ga:*:*:*:*:*:*", "matchCriteriaId": "881A0E69-23D1-4446-8355-970E50C0290F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la consola web en el servidor de aplicaciones en Red Hat JBoss Enterprise Application Platform (tambi\u00e9n conocido como JBoss EAP or JBEAP) v4.2.0 anteriores a v4.2.0.CP08, v4.2.2GA, v4.3 anteriores a v4.3.0.CP07, y v5.1.0GA permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de los par\u00e1metros (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled para createThresholdMonitor.jsp. NOTA: Algunos de los detalles fueron obtenidos de terceras partes."}], "id": "CVE-2009-2405", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-12-15T18:30:00.407", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35680"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37671"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1023315"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/60898"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/60899"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/37276"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510023"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54700"}, {"source": "secalert@redhat.com", "url": "https://jira.jboss.org/jira/browse/JBAS-7105"}, {"source": "secalert@redhat.com", "url": "https://jira.jboss.org/jira/browse/JBPAPP-2274"}, {"source": "secalert@redhat.com", "url": "https://jira.jboss.org/jira/browse/JBPAPP-2284"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35680"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37671"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023315"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/60898"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/60899"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37276"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54700"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jira.jboss.org/jira/browse/JBAS-7105"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jira.jboss.org/jira/browse/JBPAPP-2274"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jira.jboss.org/jira/browse/JBPAPP-2284"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "glassfish-javamail-0:1.4.2-0jpp.ep1.5.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "glassfish-jsf-0:1.2_13-2.1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-annotations-0:3.3.1-1.11.GA_CP02.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-entitymanager-0:3.3.2-2.5.GA_CP01.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jacorb-0:2.3.0-1jpp.ep1.9.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jakarta-commons-logging-jboss-0:1.1-9.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-aop-0:1.5.5-3.CP04.2.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossas-0:4.2.0-5.GA_CP08.5.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-common-0:1.2.1-0jpp.ep1.3.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-remoting-0:2.2.3-3.SP1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-seam-0:1.2.1-1.ep1.22.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jcommon-0:1.0.16-1.1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jfreechart-0:1.0.13-2.3.1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jgroups-1:2.4.7-1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "quartz-0:1.5.2-1jpp.patch01.ep1.4.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "rh-eap-docs-0:4.2.0-6.GA_CP08.ep1.3.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "xerces-j2-0:2.7.1-9jpp.4.patch_02.1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "xml-security-0:1.3.0-1.3.patch01.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "glassfish-jsf-0:1.2_13-2.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-annotations-0:3.3.1-1.11GA_CP02.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-entitymanager-0:3.3.2-2.5.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jacorb-0:2.3.0-1jpp.ep1.9.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-aop-0:1.5.5-3.CP04.2.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossas-0:4.2.0-5.GA_CP08.5.2.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-common-0:1.2.1-0jpp.ep1.3.el5.1", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-remoting-0:2.2.3-3.SP1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-seam-0:1.2.1-1.ep1.14.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jcommon-0:1.0.16-1.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jfreechart-0:1.0.13-2.3.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jgroups-1:2.4.7-1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "quartz-0:1.5.2-1jpp.patch01.ep1.4.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "rh-eap-docs-0:4.2.0-6.GA_CP08.ep1.3.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1650", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "xml-security-0:1.3.0-1.3.patch01.ep1.2.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-javamail-0:1.4.2-0jpp.ep1.5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-jaxb-0:2.1.4-1.12.patch03.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-jsf-0:1.2_13-2.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-annotations-0:3.3.1-1.11.GA_CP02.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-entitymanager-0:3.3.2-2.5.GA_CP01.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jacorb-0:2.3.0-1jpp.ep1.9.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jakarta-commons-logging-jboss-0:1.1-9.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-aop-0:1.5.5-3.CP04.2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossas-0:4.3.0-6.GA_CP07.4.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-common-0:1.2.1-0jpp.ep1.3.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-messaging-0:1.4.0-3.SP3_CP09.4.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-remoting-0:2.2.3-3.SP1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.18.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-seam2-0:2.0.2.FP-1.ep1.21.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-0:2.0.1-4.SP2_CP07.2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-common-0:1.0.0-2.GA_CP05.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-framework-0:2.0.1-1.GA_CP05.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jcommon-0:1.0.16-1.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jfreechart-0:1.0.13-2.3.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jgroups-1:2.4.7-1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "quartz-0:1.5.2-1jpp.patch01.ep1.4.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "rh-eap-docs-0:4.3.0-6.GA_CP07.ep1.3.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "xerces-j2-0:2.7.1-9jpp.4.patch_02.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1636", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "xml-security-0:1.3.0-1.3.patch01.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jaxb-0:2.1.4-1.12.patch03.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jsf-0:1.2_13-2.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-annotations-0:3.3.1-1.11GA_CP02.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-entitymanager-0:3.3.2-2.5.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jacorb-0:2.3.0-1jpp.ep1.9.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-aop-0:1.5.5-3.CP04.2.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossas-0:4.3.0-6.GA_CP07.4.2.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-common-0:1.2.1-0jpp.ep1.3.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-messaging-0:1.4.0-3.SP3_CP09.4.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-remoting-0:2.2.3-3.SP1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.12.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-seam2-0:2.0.2.FP-1.ep1.18.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP08.1jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossweb-0:2.0.0-6.CP12.0jpp.ep1.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-0:2.0.1-4.SP2_CP07.2.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-common-0:1.0.0-2.GA_CP05.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-framework-0:2.0.1-1.GA_CP05.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jcommon-0:1.0.16-1.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jfreechart-0:1.0.13-2.3.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jgroups-1:2.4.7-1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "quartz-0:1.5.2-1jpp.patch01.ep1.4.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "rh-eap-docs-0:4.3.0-6.GA_CP07.ep1.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}, {"advisory": "RHSA-2009:1649", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "xml-security-0:1.3.0-1.3.patch01.ep1.2.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-12-09T00:00:00Z"}], "bugzilla": {"description": "JBoss Application Server Web Console XSS", "id": "510023", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510023"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information."], "name": "CVE-2009-2405", "public_date": "2009-07-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-2405\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-2405"], "statement": "This flaw does not affect Red Hat JBoss Enterprise Application Platform 5 or 6. Older versions of the community JBoss Application Server 5.x may be affected.", "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object