This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 2008-12-12
Product Java System Portal Server Last view 2011-01-19
Version 7.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:sun:java_system_portal_server

Activity : Overall

Related : CVE

  Date Alert Description
1 2011-01-19 CVE-2010-4431

Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 and 7.2 allows local users to affect confidentiality via unknown vectors related to Proxy.

4.3 2009-12-03 CVE-2009-4187

Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 2009-05-26 CVE-2009-1796

Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page.

4.3 2009-02-19 CVE-2008-6192

Multiple cross-site scripting (XSS) vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

5 2008-12-12 CVE-2008-5549

Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet."

CWE : Common Weakness Enumeration

%idName
75% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
25% (1) CWE-264 Permissions, Privileges, and Access Controls

Open Source Vulnerability Database (OSVDB)

id Description
70565 Sun Java System Portal Server Proxy Unspecified Local Information Disclosure
60590 Sun Java System Portal Server Gateway Component Unspecified XSS
54705 Sun Java System Portal Server Unspecified XSS
50695 Sun Java System Portal Server Unspecified Information Disclosure
47559 Sun Java System Portal Server Unspecified Portlets XSS

OpenVAS Exploits

id Description
2010-08-06 Name : Sun Java System Portal Server Multiple Cross Site Scripting Vulnerabilities
File : nvt/gb_sun_java_system_portal_server_xss_vuln.nasl

Nessus® Vulnerability Scanner

id Description
2007-10-15 Name: The remote host is missing Sun Security Patch number 121913-20
File: solaris8_121913.nasl - Type: ACT_GATHER_INFO
2007-10-12 Name: The remote host is missing Sun Security Patch number 121913-20
File: solaris10_121913.nasl - Type: ACT_GATHER_INFO
2007-10-12 Name: The remote host is missing Sun Security Patch number 121914-20
File: solaris10_x86_121914.nasl - Type: ACT_GATHER_INFO
2007-10-12 Name: The remote host is missing Sun Security Patch number 121914-20
File: solaris8_x86_121914.nasl - Type: ACT_GATHER_INFO
2007-10-12 Name: The remote host is missing Sun Security Patch number 121913-20
File: solaris9_121913.nasl - Type: ACT_GATHER_INFO
2007-10-12 Name: The remote host is missing Sun Security Patch number 121914-20
File: solaris9_x86_121914.nasl - Type: ACT_GATHER_INFO