SecurityLex.Org

Your search for "CVE-2006-0254" returned:
CVE Entries: CVE-2006-0254
Name: CVE-2006-0254
CVE References: cve.mitre.org, nvd.nist.gov
SANS/FBI TOP20 Reference:
Risk: Medium
CVSS Base Score: 4.3 (ver.2.0 upgrade from v1.0)
Access Vector: Network
Access Complexity: Medium
Authentication: Not required
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None
Impact Bias: N/A
Security vendors coverage:

Nessus Plugin ID: 20738, 43840
Description: Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
Vulnerability Type: Input validation error
Vulnerable Versions:

Product: Geronimo Vendor: Apache Software Foundation

Versions:
1.0
References:

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/421996/100/0/threaded

http://issues.apache.org/jira/browse/GERONIMO-1474

http://www.oliverkarow.de/research/geronimo_css.txt

https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create

BID: http://www.securityfocus.com/bid/16260

FRSIRT: http://www.frsirt.com/english/advisories/2006/0217

SECUNIA: http://secunia.com/advisories/18485

XF: http://xforce.iss.net/xforce/xfdb/24159

XF: http://xforce.iss.net/xforce/xfdb/24158

Created: 2006-01-17 00:00:00
Last Changed: 2006-02-03 00:00:00
 