fkie_nvd - fkie_cve-2011-1360

fkie_cve-2011-1360

Vulnerability from fkie_nvd

Published

2011-10-28 02:49

Modified

2025-04-11 00:51

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2) htdocs/*/manual/ibm/.

References

▶	URL	Tags
	cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=swg21502580
	cve@mitre.org	http://www.ibm.com/support/docview.wss?uid=swg1PM41293
	cve@mitre.org	http://www.securityfocus.com/bid/50447
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/69656
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21502580
	af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg1PM41293
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/50447
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/69656

Impacted products

Vendor	Product	Version
ibm	http_server	*
ibm	http_server	1.0
ibm	http_server	1.3.6.3
ibm	http_server	1.3.12
ibm	http_server	1.3.12.2
ibm	http_server	1.3.12.6
ibm	http_server	1.3.12.7
ibm	http_server	1.3.19
ibm	http_server	1.3.19.4
ibm	http_server	1.3.19.5
ibm	http_server	1.3.19.6
ibm	http_server	1.3.26
ibm	http_server	1.3.26.1
ibm	http_server	1.3.26.2
ibm	http_server	1.3.28
ibm	http_server	1.3.28.1
ibm	http_server	2.0
ibm	http_server	2.0.42
ibm	http_server	2.0.42.1
ibm	http_server	2.0.42.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:http_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DE6D8D7-59B7-48C6-8FC9-09F865F8E2F1",
              "versionEndIncluding": "2.0.47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E57CC63-1B22-4589-8C84-F790D5F6BCB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:1.3.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0C0BA13-BCB4-43EF-B4DB-B36BF27268FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE49B4C-1ED3-4E87-B5CE-BCF223D6513F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:1.3.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B60329EF-4E6E-4BAA-AD34-D79588BD5FC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:1.3.12.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "322876F1-4AD3-45A8-9239-D80F430DDF4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:1.3.12.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "03F8A4CD-81C4-482E-9D9C-80A80AAD1C94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:1.3.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C3A030-EF04-4C82-BFD5-CF6459099B15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:1.3.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA78FCB-254B-4F93-A178-0B0CCD4F300C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:1.3.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D138BA7-7740-4CD7-8464-5F78B0411FCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:1.3.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7A66BEC-6D58-4306-97FB-B8937A31886D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:1.3.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F43768E-F635-4A5E-892E-F8A732AC9F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:1.3.26.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE51E2D-29DA-41D8-824A-05FD4D208ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:1.3.26.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7581135B-5A4C-48DA-8FCC-A06FB0C22072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:1.3.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4ED546C-D170-475B-9BB5-F23EAAD8B035",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:1.3.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30715B4-8BDA-48D7-A5C5-C5482C9F165E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21666A59-E82A-4156-AB11-DE38756B3DD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:2.0.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BBE18AC-99F8-4D82-8724-B99E82F6892E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:2.0.42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB9075EC-9B80-45F8-AEDF-04A8C49C7C74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:2.0.42.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F49DC1E-B67A-46CB-83B1-24FAFBDBE9E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2) htdocs/*/manual/ibm/."
    },
    {
      "lang": "es",
      "value": "vulnerabilidad m\u00faltiple en cross-site scripting (XSS) en IBM HTTP Server v2.0.47 y anteriores, se utiliza en WebSphere Application Server y otros productos, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados que involucran archivos de documentaci\u00f3n en (1) manual/ibm/ y (2) htdocs/*/manual/ibm/."
    }
  ],
  "id": "CVE-2011-1360",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-10-28T02:49:52.740",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21502580"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM41293"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/50447"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21502580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM41293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/50447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69656"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-1360 (GCVE-0-2011-1360)

Vulnerability from cvelistv5

Published

2011-10-28 01:00