Summary
| Detail | |||
|---|---|---|---|
| Vendor | Sun | First view | 2007-08-09 |
| Product | Java System Portal Server | Last view | 2011-01-19 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 1 | 2011-01-19 | CVE-2010-4431 | Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 and 7.2 allows local users to affect confidentiality via unknown vectors related to Proxy. |
| 4.3 | 2009-12-03 | CVE-2009-4187 | Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 4.3 | 2009-05-26 | CVE-2009-1796 | Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page. |
| 4.3 | 2009-02-19 | CVE-2008-6192 | Multiple cross-site scripting (XSS) vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| 5 | 2008-12-12 | CVE-2008-5549 | Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet." |
| 6.8 | 2007-08-09 | CVE-2007-4289 | Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 75% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 25% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 70565 | Sun Java System Portal Server Proxy Unspecified Local Information Disclosure |
| 60590 | Sun Java System Portal Server Gateway Component Unspecified XSS |
| 54705 | Sun Java System Portal Server Unspecified XSS |
| 50695 | Sun Java System Portal Server Unspecified Information Disclosure |
| 47559 | Sun Java System Portal Server Unspecified Portlets XSS |
| 37251 | Sun Java System Portal Server Crafted XSLT Stylesheet Arbitrary Java Method E... |
OpenVAS Exploits
| id | Description |
|---|---|
| 2010-08-06 | Name : Sun Java System Portal Server Multiple Cross Site Scripting Vulnerabilities File : nvt/gb_sun_java_system_portal_server_xss_vuln.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2007-10-15 | Name: The remote host is missing Sun Security Patch number 121913-20 File: solaris8_121913.nasl - Type: ACT_GATHER_INFO |
| 2007-10-12 | Name: The remote host is missing Sun Security Patch number 121913-20 File: solaris10_121913.nasl - Type: ACT_GATHER_INFO |
| 2007-10-12 | Name: The remote host is missing Sun Security Patch number 121914-20 File: solaris10_x86_121914.nasl - Type: ACT_GATHER_INFO |
| 2007-10-12 | Name: The remote host is missing Sun Security Patch number 121914-20 File: solaris8_x86_121914.nasl - Type: ACT_GATHER_INFO |
| 2007-10-12 | Name: The remote host is missing Sun Security Patch number 121913-20 File: solaris9_121913.nasl - Type: ACT_GATHER_INFO |
| 2007-10-12 | Name: The remote host is missing Sun Security Patch number 121914-20 File: solaris9_x86_121914.nasl - Type: ACT_GATHER_INFO |
