Cross-Site Scripting Vulnerabilities in Apache Geronimo 1.0
CVE-2006-0254

Currently unrated

Key Information:

Vendor: Apache
Status: Geronimo
Vendor: CVE Published:; 18 January 2006

Summary

Apache Geronimo 1.0 is affected by multiple cross-site scripting vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. This can occur through manipulation of the time parameter to cal2.jsp, as well as via any invalid parameter. When the log file is accessed through the Web-Access-Log viewer, these injected scripts can be executed, potentially compromising the integrity of users' sessions and exposing sensitive data.

References

http://rhn.redhat.com/errata/RHSA-2008-0630.html

vendor-advisoryx_refsource_REDHAT

http://secunia.com/advisories/31493

third-party-advisoryx_refsource_SECUNIA

http://www.oliverkarow.de/research/geronimo_css.txt

x_refsource_MISC

EPSS Score

40% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 18, 2006
Vulnerability Reserved
Jan 18, 2006