Description
Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Nuri Fattah · text · remote · multiple
https://www.exploit-db.com/exploits/28981
References (16)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30055
Various Sources x_refsource_misc
http://www.niscc.gov.uk/niscc/docs/re-20061031-00727.pdf?lang=en
Patch vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16602&apar=only
Various Sources vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/search.wss?rs=0&q=PK26181&apar=only
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/25371
Patch x_refsource_confirm
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21018
Patch vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang=
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/910
Patch x_refsource_confirm
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012163
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/450704/100/0/threaded
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1736
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20032
Patch mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017170
Third Party Advisory mailing-list
x_refsource_vim
http://www.attrition.org/pipermail/vim/2006-November/001112.html
Scores
EPSS
0.0144
EPSS Percentile
80.8%
Details
CWE
CWE-79
Status
published
Products (20)
ibm/websphere_application_server
5.0.0
ibm/websphere_application_server
5.0.1
ibm/websphere_application_server
5.0.2
ibm/websphere_application_server
5.1.0
ibm/websphere_application_server
5.1.0.2
ibm/websphere_application_server
5.1.0.3
ibm/websphere_application_server
5.1.0.4
ibm/websphere_application_server
5.1.0.5
ibm/websphere_application_server
5.1.1
ibm/websphere_application_server
5.1.1.1
... and 10 more
Published
May 17, 2006
Tracked Since
Feb 18, 2026