CVE-2011-3606

Name of the Vulnerable Software and Affected Versions JBoss Application Server versions prior to 7.1.0 Beta 1

Description A DOM based cross-site scripting flaw was found in the administration console of the JBoss Application Server. A remote attacker could provide a specially-crafted web page and trick a valid JBoss AS user with administrator privilege to visit it, leading to DOM environment modification and arbitrary HTML or web script execution.

Recommendations For JBoss Application Server versions prior to 7.1.0 Beta 1, update to version 7.1.0 Beta 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the administration console to minimize the risk of exploitation.