Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-1983

CVE-2009-1380-Cross Site Scripting with "filter" parameter (low)

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Done
    • Affects Version/s: 4.3.0.GA_CP03_FP01, 4.2.0.GA_CP06, 4.3.0.GA_CP04
    • Fix Version/s: 4.2.0.GA_CP08, 4.3.0.GA_CP07
    • Component/s: Consoles
    • Labels:
      None
    • Environment:

      4.3.0.GA_CP01_SOA_STANDALONE (build: SVNTag=4.3.0.GA_CP01_SOA_STANDALONE date=200904071212)

    • Affects:
      Release Notes
    • Workaround Description:
      Hide

      Don't trust use input, always filter user-supplied parameter (see OWASP Top 10)

      Show
      Don't trust use input, always filter user-supplied parameter (see OWASP Top 10)
    • Estimated Difficulty:
      Low

      Description

      The jmx console does not encode quote characters if they trailing after the colon (key property) , which allows cross-site-scripting attacks.

      to reproduce:

      In /jmx-console/HtmlAdaptor?action=displayMBeans

      enter as filter

      aaa:" onmouseover=alert(1) "

      move mouse over filter field

      A box pops up, and "Invalid character '"' in value part of property" is prompted

      The resulting html is <input type="text" name="filter" size="40" value="aaa:" onmouseover=alert(1) ",*">

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                istudens Ivo Studensky
                Reporter:
                fnasser Fernando Nasser
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: