Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Sun Alert 231467 Cross-Site Scripting Vulnerability in Sun Java System Web Server Search Module
Informations
Name SUN-231467 First vendor Publication 2008-05-06
Vendor Sun Last vendor Modification 2008-05-08
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Sun Java System Web Server 7.0 Update 2, Sun Java System Web Server 6.1 Service Pack 9


A cross-site scripting (XSS) vulnerability in the Sun Java System Web Server search module may allow a local or remote unprivileged user the ability to execute arbitrary scripts on the system hosting the web server.

State: Resolved
First released: 06-May-2008
Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-231467-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_231467_cross_site

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 11

Open Source Vulnerability Database (OSVDB)

Id Description
44850 Sun Java System Web Server lib/webapps/search/index.jps XSS

Information Assurance Vulnerability Management (IAVM)

Date Description
2008-05-29 IAVM : 2008-B-0045 - Multiple Sun Java System Application Server and Web Server Vulnerabilities
Severity : Category II - VMSKEY : V0016025

Nessus® Vulnerability Scanner

Date Description
2008-05-09 Name : The remote web server contains a JSP application that is affected by a cross-...
File : sun_java_web_server_search_xss.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125437-22
File : solaris10_125437.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125438-22
File : solaris10_x86_125438.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125437-22
File : solaris8_125437.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125437-22
File : solaris9_125437.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125438-22
File : solaris9_x86_125438.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 116648-25
File : solaris10_116648.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 116648-25
File : solaris8_116648.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 116648-25
File : solaris9_116648.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-02-06 19:08:12
  • Multiple Updates