Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Sun Alert 256568 Cross-Site Scripting (XSS) Security Vulnerability in the Sun Java System Access Manager Cross-Domain Controller (CDC) |
| Informations | |||
|---|---|---|---|
| Name | SUN-256568 | First vendor Publication | 2009-06-29 |
| Vendor | Sun | Last vendor Modification | 2010-01-21 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 2.6 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Product: Sun Java System Access Manager A cross-site scripting (XSS) vulnerability in the Sun Java System Access Manager Cross-Domain Controller (CDC) may allow an unprivileged remote user to inject code into web pages served by the Access Manager CDC which can result in various impacts including the theft of sensitive information such as cookie information, access to user credentials, or the hijacking of sessions. The Cross-Domain Controller (CDC) is a servlet that communicates with policy agents outside its own domain, and then checks for a user's Single Sign-On (SSO) information. State: Resolved First released: 29-Jun-2009 |
Original Source
| Url : http://blogs.sun.com/security/entry/sun_alert_256568_cross_site |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 55451 | Sun Java System Access Manager Cross-Domain Controller (CDC) Unspecified XSS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 120954-12 File : solaris10_120954.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 120955-12 File : solaris10_x86_120955.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 120954-12 File : solaris8_120954.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 120954-12 File : solaris9_120954.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote host is missing Sun Security Patch number 120955-12 File : solaris9_x86_120955.nasl - Type : ACT_GATHER_INFO |
| 2006-11-06 | Name : The remote host is missing Sun Security Patch number 119465-17 File : solaris10_119465.nasl - Type : ACT_GATHER_INFO |
| 2006-11-06 | Name : The remote host is missing Sun Security Patch number 119465-17 File : solaris10_x86_119465.nasl - Type : ACT_GATHER_INFO |
| 2006-11-06 | Name : The remote host is missing Sun Security Patch number 119465-17 File : solaris8_119465.nasl - Type : ACT_GATHER_INFO |
| 2006-11-06 | Name : The remote host is missing Sun Security Patch number 119465-17 File : solaris8_x86_119465.nasl - Type : ACT_GATHER_INFO |
| 2006-11-06 | Name : The remote host is missing Sun Security Patch number 119465-17 File : solaris9_119465.nasl - Type : ACT_GATHER_INFO |
| 2006-11-06 | Name : The remote host is missing Sun Security Patch number 119465-17 File : solaris9_x86_119465.nasl - Type : ACT_GATHER_INFO |
