This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 2007-08-09
Product Java System Portal Server Last view 2011-01-19
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:sun:java_system_portal_server:7.1:*:*:*:*:*:*:* 5
cpe:2.3:a:sun:java_system_portal_server:7.2:*:*:*:*:*:*:* 4
cpe:2.3:a:sun:java_system_portal_server:6.3.1:*:*:*:*:*:*:* 2
cpe:2.3:a:sun:java_system_portal_server:7.0:*:*:*:*:*:*:* 2
cpe:2.3:a:sun:java_system_portal_server:7.2:*:x86:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_portal_server:7.2:*:sparc:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_portal_server:6.3.1:*:x86:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_portal_server:6.3.1:*:linux:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_portal_server:7.1:*:sparc:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_portal_server:7.1:*:x86:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_portal_server:7.1:*:linux:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_portal_server:7.2:*:linux:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_portal_server:6.3.1:*:sparc:*:*:*:*:* 1

Related : CVE

  Date Alert Description
1 2011-01-19 CVE-2010-4431

Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 and 7.2 allows local users to affect confidentiality via unknown vectors related to Proxy.

4.3 2009-12-03 CVE-2009-4187

Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 2009-05-26 CVE-2009-1796

Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page.

4.3 2009-02-19 CVE-2008-6192

Multiple cross-site scripting (XSS) vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

5 2008-12-12 CVE-2008-5549

Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet."

6.8 2007-08-09 CVE-2007-4289

Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715.

CWE : Common Weakness Enumeration

%idName
75% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
25% (1) CWE-264 Permissions, Privileges, and Access Controls

Open Source Vulnerability Database (OSVDB)

id Description
70565 Sun Java System Portal Server Proxy Unspecified Local Information Disclosure
60590 Sun Java System Portal Server Gateway Component Unspecified XSS
54705 Sun Java System Portal Server Unspecified XSS
50695 Sun Java System Portal Server Unspecified Information Disclosure
47559 Sun Java System Portal Server Unspecified Portlets XSS
37251 Sun Java System Portal Server Crafted XSLT Stylesheet Arbitrary Java Method E...

OpenVAS Exploits

id Description
2010-08-06 Name : Sun Java System Portal Server Multiple Cross Site Scripting Vulnerabilities
File : nvt/gb_sun_java_system_portal_server_xss_vuln.nasl

Nessus® Vulnerability Scanner

id Description
2007-10-15 Name: The remote host is missing Sun Security Patch number 121913-20
File: solaris8_121913.nasl - Type: ACT_GATHER_INFO
2007-10-12 Name: The remote host is missing Sun Security Patch number 121913-20
File: solaris10_121913.nasl - Type: ACT_GATHER_INFO
2007-10-12 Name: The remote host is missing Sun Security Patch number 121914-20
File: solaris10_x86_121914.nasl - Type: ACT_GATHER_INFO
2007-10-12 Name: The remote host is missing Sun Security Patch number 121914-20
File: solaris8_x86_121914.nasl - Type: ACT_GATHER_INFO
2007-10-12 Name: The remote host is missing Sun Security Patch number 121913-20
File: solaris9_121913.nasl - Type: ACT_GATHER_INFO
2007-10-12 Name: The remote host is missing Sun Security Patch number 121914-20
File: solaris9_x86_121914.nasl - Type: ACT_GATHER_INFO