Executive Summary

This alert is flagged as a CWE/SANS Top 25 weakness: its only mapped CWE, CWE-79 (cross-site scripting), appears on that list.
Summary

Title: Sun Alert 258528 Multiple Security Vulnerabilities in Sun GlassFish Enterprise Server 2.1 (formerly Sun Java System Application Server 9.1UR2) May Lead to a Denial of Service (DoS) Condition or Execution of JavaScript Code

Information

Name: SUN-258528
Vendor: Sun
Severity (vendor): N/A
Revision: N/A
First vendor publication: 2009-05-11
Last vendor modification: 2009-06-03

Security-Database Scoring CVSS v3

No CVSS v3 vector or scores have been assigned to this alert (vector, overall, base, temporal, environmental, impact and exploitability values are all N/A).

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Base score: 4.3
Impact subscore: 2.9
Exploitability subscore: 8.6
Attack range: Network
Attack complexity: Medium
Authentication: None required

This vector scores the cross-site scripting component only (partial integrity impact, medium complexity because a victim has to follow a crafted link). It does not reflect the separate resource-exhaustion issue described under Detail, which would carry an availability impact that A:N does not express.

Detail

Product: Sun GlassFish Enterprise Server 2.1

Multiple security vulnerabilities in the HTTP Engine and the Administration Interface of the Sun GlassFish Enterprise Server may:

  1. Allow a remote unprivileged user to execute JavaScript within an authenticated user's browser session. These vulnerabilities may lead to various impacts, including theft of sensitive information (such as cookie information), access to user credentials, or the hijacking of sessions.

  2. Allow a local privileged user to consume excessive system resources, thereby leading to Denial of Service (DoS) to the system as a whole.

Sun acknowledges with thanks Digital Security Research Group for bringing the issue described in Bug 6820994 to our attention.


State: Resolved
First released: 11-May-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_258528_cross_site

CWE : Common Weakness Enumeration

CWE-79 (100%): Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type: Application, count: 1 (the CPE description is not shown on this page)

OpenVAS Exploits

2009-05-10: GlassFish Enterprise Server Multiple Cross Site Scripting Vulnerabilities
File: nvt/GlassFish_34824.nasl (an OpenVAS NVT, i.e. a remote detection check, not an exploit)

Open Source Vulnerability Database (OSVDB)

Id    Description
54257 Glassfish Enterprise Server Admin Console /resourceNode/jdbcResourceEdit.jsf ...
54256 Glassfish Enterprise Server Admin Console /configuration/httpListenerEdit.jsf...
54255 Glassfish Enterprise Server Admin Console /configuration/auditModuleEdit.jsf ...
54254 Glassfish Enterprise Server Admin Console /webService/webServicesGeneral.jsf ...
54253 Glassfish Enterprise Server Admin Console /sysnet/registration.jsf URI XSS
54252 Glassfish Enterprise Server Admin Console /resourceNode/resources.jsf URI XSS
54251 Glassfish Enterprise Server Admin Console /customMBeans/customMBeans.jsf URI XSS
54250 Glassfish Enterprise Server Admin Console /configuration/configuration.jsf UR...
54249 Glassfish Enterprise Server Admin Console /applications/applications.jsf URI XSS
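The impact described under Detail (a remote user reflecting JavaScript into an administrator's browser session through the admin console URIs that the OSVDB entries list) is something an operations team can hunt for in the server's HTTP access log. The following is an added example, not part of this alert and not GlassFish code: a Python scanner that reads Common Log Format lines, percent-decodes the request target twice so that double-encoded payloads are not missed, and flags requests to any of the nine OSVDB-listed admin console pages whose URI carries an HTML tag, a javascript: URL or an on*= event handler. The page list comes from the entries above; the log format, the client addresses, timestamps and payload shapes in the sample are constructed for the example, and the console's context root is not assumed (pages are matched as path substrings).

```python
import re
from urllib.parse import unquote, urlsplit

# Admin console pages named in the OSVDB entries for this alert (URI-reflected XSS).
ADMIN_CONSOLE_PAGES = (
    "/resourceNode/jdbcResourceEdit.jsf",
    "/configuration/httpListenerEdit.jsf",
    "/configuration/auditModuleEdit.jsf",
    "/webService/webServicesGeneral.jsf",
    "/sysnet/registration.jsf",
    "/resourceNode/resources.jsf",
    "/customMBeans/customMBeans.jsf",
    "/configuration/configuration.jsf",
    "/applications/applications.jsf",
)

# Markup that has no business in a request URI for these pages: tags commonly
# used to run script, javascript: URLs, and on*= event-handler attributes.
MARKUP = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe|body)\b|javascript\s*:|\bon[a-z]+\s*=",
    re.IGNORECASE,
)

# Common Log Format (assumed): client ident user [timestamp] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_target(target):
    """Percent-decode twice so a double-encoded payload (%253C -> %3C -> <) is visible."""
    return unquote(unquote(target))


def inspect_line(line):
    """Return a finding dict when the line is a markup-bearing request to one of the
    listed admin console pages; return None for anything else (including unparsable lines)."""
    m = CLF.match(line)
    if not m:
        return None
    decoded = decode_target(m.group("target"))
    path = urlsplit(decoded).path
    # Substring match: the console may sit under any context root.
    page = next((p for p in ADMIN_CONSOLE_PAGES if p in path), None)
    if page is None:
        return None
    hit = MARKUP.search(decoded)
    if hit is None:
        return None
    return {
        "client": m.group("client"),
        "timestamp": m.group("ts"),
        "page": page,
        "fragment": hit.group(0),
        "status": int(m.group("status")),
    }


def scan_log(text):
    """Run inspect_line over every line of an access log and collect the findings."""
    return [f for f in map(inspect_line, text.splitlines()) if f is not None]


# Constructed sample log (not real traffic). Lines 2 and 3 should be flagged:
# line 2 is a plainly encoded <script> tag, line 3 is double-encoded <img onerror=...>;
# line 1 is a benign console request and line 4 hits a non-console path.
SAMPLE_LOG = """\
10.0.0.5 - admin [11/May/2009:10:12:01 +0000] "GET /applications/applications.jsf HTTP/1.1" 200 5120
10.0.0.9 - - [11/May/2009:10:12:07 +0000] "GET /applications/applications.jsf?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5210
10.0.0.9 - - [11/May/2009:10:12:09 +0000] "GET /sysnet/registration.jsf?x=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 4800
10.0.0.7 - - [11/May/2009:10:13:00 +0000] "GET /index.html?q=%3Cscript%3E HTTP/1.1" 404 312
"""

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['timestamp']} {finding['client']} -> {finding['page']}: {finding['fragment']!r}")
```

Decoding twice is deliberate: a reflected payload that the server decodes once and the browser again would otherwise slip past a single-decode check. A status of 200 on a flagged line means the page was served to the victim's browser, which is the case worth triaging first; 4xx responses are still attempts, but the reflection did not happen.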

Alert History

Date: 2013-02-06 19:08:23
  • Multiple Updates