Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2008-2751 | First vendor Publication | 2008-06-18 |
| Vendor | Cve | Last vendor Modification | 2018-10-11 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, or (4) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (a) resourceNode/customResourceNew.jsf; the (5) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (6) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (7) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, (8) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiLookupProp:jndiLookup, or (9) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (b) resourceNode/externalResourceNew.jsf; the (10) propertyForm:propertySheet:propertSectionTextField:jndiProp:Jndi, (11) propertyForm:propertySheet:propertSectionTextField:nameProp:name, or (12) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (c) resourceNode/jmsDestinationNew.jsf; the (13) propertyForm:propertySheet:generalPropertySheet:jndiProp:Jndi or (14) propertyForm:propertySheet:generalPropertySheet:descProp:cd parameter to (d) resourceNode/jmsConnectionNew.jsf; the (15) propertyForm:propertySheet:propertSectionTextField:jndiProp:jnditext or (16) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (e) resourceNode/jdbcResourceNew.jsf; the (17) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:nameProp:name, (18) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:classNameProp:classname, or (19) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:loadOrderProp:loadOrder parameter to (f) applications/lifecycleModulesNew.jsf; or the (20) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:jndiProp:name, (21) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:resTypeProp:resType, or (22) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:dbProp:db parameter to (g) resourceNode/jdbcConnectionPoolNew1.jsf. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2751 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 46730 | GlassFish Application Server resourceNode/jdbcConnectionPoolNew1.jsf Multiple... GlassFish Application Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'propertyForm:propertyContentPage:propertySheet:generalPropertySheet:jndiProp:name', 'propertyForm:propertyContentPage:propertySheet:generalPropertySheet:resTypeProp:resType' and 'propertyForm:propertyContentPage:propertySheet:generalPropertySheet:dbProp:db' variables upon submission to the resourceNode/jdbcConnectionPoolNew1.jsf script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 46729 | GlassFish Application Server applications/lifecycleModulesNew.jsf Multiple Pa... GlassFish Application Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'propertyForm:propertyContentPage:propertySheet:propertSectionTextField:nameProp:name', 'propertyForm:propertyContentPage:propertySheet:propertSectionTextField:classNameProp:classname' and 'propertyForm:propertyContentPage:propertySheet:propertSectionTextField:loadOrderProp:loadOrder' variables upon submission to the applications/lifecycleModulesNew.jsf script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 46728 | GlassFish Application Server resourceNode/jdbcResourceNew.jsf Multiple Parame... GlassFish Application Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'propertyForm:propertySheet:propertSectionTextField:jndiProp:jnditext' and 'propertyForm:propertySheet:propertSectionTextField:descProp:desc' variables upon submission to the resourceNode/jdbcResourceNew.jsf script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 46727 | GlassFish Application Server resourceNode/jmsConnectionNew.jsf Multiple Param... GlassFish Application Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'propertyForm:propertySheet:generalPropertySheet:jndiProp:Jndi' and 'propertyForm:propertySheet:generalPropertySheet:descProp:cd' variables upon submission to the resourceNode/jmsConnectionNew.jsf script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 46726 | GlassFish Application Server resourceNode/jmsDestinationNew.jsf Multiple Para... GlassFish Application Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'propertyForm:propertySheet:propertSectionTextField:jndiProp:Jndi', 'propertyForm:propertySheet:propertSectionTextField:nameProp:name' and 'propertyForm:propertySheet:propertSectionTextField:descProp:desc' variables upon submission to the resourceNode/jmsDestinationNew.jsf script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 46725 | GlassFish Application Server resourceNode/externalResourceNew.jsf Multiple Pa... GlassFish Application Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew', 'propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType', 'propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass', 'propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiLookupProp:jndiLookup' and 'propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc' variables upon submission to the resourceNode/externalResourceNew.jsf script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 46724 | GlassFish Application Server resourceNode/customResourceNew.jsf Multiple Para... GlassFish Application Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew', 'propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType', 'propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass' and 'propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc' variables upon submission to the resourceNode/customResourceNew.jsf script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:07:38 |
|
| 2021-04-22 01:08:01 |
|
| 2020-05-23 00:21:50 |
|
| 2018-10-12 00:20:22 |
|
| 2017-08-08 09:24:10 |
|
| 2013-05-11 00:19:33 |
|
