Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title: Sun Alert 259588 Cross-Site Scripting (XSS) Vulnerability in the Sun Java System Web Server 6.1 Reverse Proxy Plug-in
Information
Name: SUN-259588
First vendor Publication: 2009-06-03
Vendor: Sun
Last vendor Modification: 2009-06-03
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score: 4.3
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

Product: Sun Java System Web Server 6.1

A Cross-Site Scripting (XSS) security vulnerability in the Sun Java System Web Server 6.1 Reverse Proxy Plug-in may allow a local or remote unprivileged user to execute arbitrary script or HTML within a user's browser which can lead to hijacked sessions, stolen cookie information, and a loss of data privacy between a client and the server.

State: Resolved
First released: 03-Jun-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_259588_cross_site

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 42
Application 24

OpenVAS Exploits

Date Description
2009-06-19 Name : Sun Java System Web Proxy Server Vulnerabilities (Win)
File : nvt/gb_sun_java_sys_web_serv_xss_vuln_lin.nasl
2009-06-19 Name : Sun Java System Web Proxy Server Vulnerabilities (Win)
File : nvt/gb_sun_java_sys_web_serv_xss_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
54872 Sun Java System Web Server Reverse Proxy Plug-in Unspecified XSS

Nessus® Vulnerability Scanner

Date Description
2006-11-06 Name : The remote host is missing Sun Security Patch number 116648-25
File : solaris10_116648.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 116648-25
File : solaris8_116648.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 116648-25
File : solaris9_116648.nasl - Type : ACT_GATHER_INFO