CVE-2011-4575: Input Validation
First published: Tue Dec 06 2011(Updated: )
Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat JBoss Enterprise Web Platform | =5.2.0 | |
| JBoss Enterprise Application Platform | =5.2.0 | |
| Red Hat JBoss Enterprise BRMS Platform | <=5.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2013-0198.html
- http://rhn.redhat.com/errata/RHSA-2013-0192.html
- http://secunia.com/advisories/52054
- http://rhn.redhat.com/errata/RHSA-2013-0195.html
- http://rhn.redhat.com/errata/RHSA-2013-0194.html
- http://www.osvdb.org/89578
- https://bugzilla.redhat.com/show_bug.cgi?id=760387
- http://rhn.redhat.com/errata/RHSA-2013-0221.html
- http://rhn.redhat.com/errata/RHSA-2013-0193.html
- http://rhn.redhat.com/errata/RHSA-2013-0191.html
- http://www.securityfocus.com/bid/57548
- http://secunia.com/advisories/51984
- http://rhn.redhat.com/errata/RHSA-2013-0196.html
- http://rhn.redhat.com/errata/RHSA-2013-0197.html
- https://rhn.redhat.com/errata/RHSA-2013-0194.html
- https://rhn.redhat.com/errata/RHSA-2013-0192.html
- https://rhn.redhat.com/errata/RHSA-2013-0191.html
- https://rhn.redhat.com/errata/RHSA-2013-0195.html
- https://rhn.redhat.com/errata/RHSA-2013-0193.html
- https://rhn.redhat.com/errata/RHSA-2013-0197.html
- https://rhn.redhat.com/errata/RHSA-2013-0196.html
- https://rhn.redhat.com/errata/RHSA-2013-0198.html
- https://rhn.redhat.com/errata/RHSA-2013-0221.html
- https://rhn.redhat.com/errata/RHSA-2013-0533.html
Frequently Asked Questions
What is the severity of CVE-2011-4575?
CVE-2011-4575 has been classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2011-4575?
To fix CVE-2011-4575, upgrade to JBoss Enterprise Application Platform 5.2.0 or later, Web Platform 5.2.0 or later, or BRMS and SOA Platforms 5.3.1 or later.
What versions are affected by CVE-2011-4575?
CVE-2011-4575 affects JBoss Enterprise Application Platform versions before 5.2.0, Web Platform versions before 5.2.0, and BRMS and SOA Platforms before 5.3.1.
What types of attacks can be executed due to CVE-2011-4575?
CVE-2011-4575 allows remote attackers to inject arbitrary web scripts or HTML into the JMX console, enabling potential cross-site scripting attacks.
Is CVE-2011-4575 present in JBoss EAP 5.2.0?
No, CVE-2011-4575 is not present in JBoss EAP version 5.2.0 and later, as it has been patched.
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-4575
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/redhat
- canonical/red hat jboss enterprise web platform
- version/red hat jboss enterprise web platform/5.2.0
- canonical/jboss enterprise application platform
- version/jboss enterprise application platform/5.2.0
- canonical/red hat jboss enterprise brms platform
- version/red hat jboss enterprise brms platform/5.3.0