Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-2284

CVE-2009-2405 - Inputs passed to parameters in createSnapshot.jsp and createThresholdMonitor.jsp for the Web Console are not sanitized before being returned to the user

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • EAP 5.0.0.BETA
    • None
    • Consoles
    • None

    • JBPAPP_5_0

    • Release Notes

      Inputs passed to the "monitorName", "objectName", "attribute", and "period" parameters in createSnapshot.jsp and to the "monitorName", "objectName", "attribute", "period", and "threshold" parameters in createThresholdMonitor.jsp are not sanitized before being returned to the user. This can be exploited to allow arbitrary HTML and script code to be executed in a user's browser.

      (See bz#510023: https://bugzilla.redhat.com/show_bug.cgi?id=510023 )

        1. JBPAPP-2284.patch
          27 kB

              fjuma1@redhat.com Farah Juma
              fjuma1@redhat.com Farah Juma
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: