CVE-2006-2431

{"id": "CVE-2006-2431", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2006-05-17T10:06:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20032", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/910", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017170", "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang=", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012163", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK16602&apar=only", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK26181&apar=only", "source": "cve@mitre.org"}, {"url": "http://www.attrition.org/pipermail/vim/2006-November/001112.html", "source": "cve@mitre.org"}, {"url": "http://www.niscc.gov.uk/niscc/docs/re-20061031-00727.pdf?lang=en", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/25371", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/450704/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21018", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1736", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30055", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as \"faultfactor,\" but this is likely erroneous."}], "lastModified": "2018-10-18T16:39:58.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84200300-1985-4770-81E0-31CB2CB99DCB"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8873A6A6-D840-48E2-AED2-BB8584E3817A"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB3F05B9-6EE1-4838-AD41-7DD329E71E3E"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66DB2053-6DFD-4FF6-A6E9-444281531E24"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80A7DAA3-2FFC-4AA3-AEB9-9ADF4A10AC39"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6453897-CA51-4143-B58D-689E0B69CE34"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72DB3E62-C18C-440D-B2C8-E14122D2EEFA"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6B95B55-7A5E-4504-B5B5-B7B03403E3A5"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31419896-89F7-43A2-8B7C-3B92744BBC46"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDA0FE3E-2FB7-415D-BC64-4B5157EABB21"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D8219D5-94D7-4E1B-BFA9-EF786FFD2C3C"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA0C57F6-D011-47C1-B9DC-B1C3083FD28C"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "714C405D-1E8F-45C1-8A09-5103F0080C76"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7F31FD3-8681-4F07-9644-5CC87D512520"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2604E01-E43E-4882-8896-5E646E850286"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "458BAD79-958E-4665-B1F8-0D46E0C57045"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B68EE27-CC4F-4530-9DFE-D94171C45F64"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC1A723F-D685-4FE5-8938-5682A2D02155"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "810E5AEC-5C35-4962-B9BB-32D66290D1D2"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9643B593-DADF-4F57-B41E-541C7F554A4C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}