"-Synchronized-Data."

2025-07-29 05:56:59 +00:00 · 2019-11-26 02:01:59 +00:00 · 2019-11-26 02:01:59 +00:00 · c724e093db
commit c724e093db
parent 432cabe4ca
1 changed files with 57 additions and 3 deletions
--- a/2011/3xxx/CVE-2011-3606.json
+++ b/2011/3xxx/CVE-2011-3606.json
@ -1,8 +1,31 @@
 {
    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-3606",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "JBoss Application Server",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "JBoss Application Server",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "7 before 7.1.0 Beta 1"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,7 +34,38 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Cross-Site Scripting"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://security-tracker.debian.org/tracker/CVE-2011-3606",
+                "refsource": "MISC",
+                "name": "https://security-tracker.debian.org/tracker/CVE-2011-3606"
+            },
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3606",
+                "refsource": "MISC",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3606"
+            },
+            {
+                "url": "https://access.redhat.com/security/cve/cve-2011-3606",
+                "refsource": "MISC",
+                "name": "https://access.redhat.com/security/cve/cve-2011-3606"
            }
        ]
    }