Межсайтовый скриптинг в Sun Java System Web Server / Web Proxy Server

Дата публикации:
25.12.2007
Дата изменения:
27.01.2008
Всего просмотров:
5987
Опасность:
Низкая
Наличие исправления:
Да
Количество уязвимостей:
1
CVSSv2 рейтинг:
CVE ID:
Нет данных
Вектор эксплуатации:
Удаленная
Воздействие:
Межсайтовый скриптинг
CWE ID:
Нет данных
Наличие эксплоита:
Нет данных
Уязвимые продукты:
Sun Java System Web Server (Sun ONE/iPlanet) 6.x
Sun Java System Web Proxy Server 3.x
Sun Java System Web Proxy Server 4.x
Sun Java System Web Server 7.x
Уязвимые версии:
Sun Java System Web Proxy Server 3.x
Sun Java System Web Proxy Server 4.x
Sun Java System Web Server (Sun ONE/iPlanet) 6.x
Sun Java System Web Server 7.x

Описание:
Уязвимость позволяет удаленному пользователю произвести XSS нападение.

Уязвимость существует из-за недостаточной обработки входных данных. Удаленный пользователь может с помощью специально сформированного запроса выполнить произвольный код сценария в браузере жертвы в контексте безопасности уязвимого сайта.

URL производителя: www.sun.com

Решение: Установите исправление с сайта производителя.

-- SPARC Platform --
* Sun Java System Web Server 6.1 with Service Pack 8 or later
http://www.sun.com/download/products.xml?id=4694392a

* Sun Java System Web Server 6.1 with patch 116648-20 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-116648-20-1

* Sun Java System Web Server 7.0 with Update 1 or later
http://www.sun.com/download/products.xml?id=467713d6

* Sun Java System Web Server 7.0 with patch 125437-07 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-125437-07-1

* Sun Java System Web Proxy Server 3.6 Service Pack 11 or later
http://www.sun.com/download/products.xml?id=472a622f

* Sun Java System Web Proxy Server 4.0.6 or later
http://www.sun.com/download/products.xml?id=4701e042

* Sun Java System Web Proxy Server 4.0 with patch 120981-13 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-120981-13-1


-- x86 Platform --
* Sun Java System Web Server 6.1 with Service Pack 8 or later
http://www.sun.com/download/products.xml?id=4694392a

* Sun Java System Web Server 6.1 with patch 116649-20 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-116649-20-1

* Sun Java System Web Server 7.0 with Update 1 or later
http://www.sun.com/download/products.xml?id=467713d6

* Sun Java System Web Server 7.0 with patch 125438-07 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-125438-07-1

* Sun Java System Web Proxy Server 4.0.6 or later
http://www.sun.com/download/products.xml?id=4701e042

* Sun Java System Web Proxy Server 4.0 with patch 120982-13 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-120982-13-1


-- Linux --
* Sun Java System Web Server 6.1 with Service Pack 8 or later
http://www.sun.com/download/products.xml?id=4694392a

* Sun Java System Web Server 6.1 with patch 118202-12 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-118202-12-1

* Sun Java System Web Server 7.0 with Update 1 or later
http://www.sun.com/download/products.xml?id=467713d6

* Sun Java System Web Server 7.0 with patch 125439-07 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-125439-07-1

* Sun Java System Web Proxy Server 4.0.6 or later
http://www.sun.com/download/products.xml?id=4701e042

* Sun Java System Web Proxy Server 4.0 with patch 120983-13 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-120983-13-1


-- Windows --
* Sun Java System Web Server 6.1 with Service Pack 8 or later
http://www.sun.com/download/products.xml?id=4694392a

* Sun Java System Web Server 6.1 with patch 121524-04 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-121524-04-1

* Sun Java System Web Server 7.0 with Update 1 or later
http://www.sun.com/download/products.xml?id=467713d6

* Sun Java System Web Server 7.0 with patch 125441-06 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-125441-06-1

* Sun Java System Web Proxy Server 3.6 Service Pack 11 or later
http://www.sun.com/download/products.xml?id=472a622f

* Sun Java System Web Proxy Server 4.0.6 or later
http://www.sun.com/download/products.xml?id=4701e042


-- HP-UX --
* Sun Java System Web Server 6.1 with Service Pack 8 or later
http://www.sun.com/download/products.xml?id=4694392a

* Sun Java System Web Server 6.1 with patch 121510-04 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-121510-04-1

* Sun Java System Web Server 7.0 with Update 1 or later
http://www.sun.com/download/products.xml?id=467713d6

* Sun Java System Web Server 7.0 with patch 125440-01 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-125440-01-1

* Sun Java System Web Proxy Server 3.6 Service Pack 11 or later
http://www.sun.com/download/products.xml?id=472a622f

* Sun Java System Web Proxy Server 4.0.6 or later
http://www.sun.com/download/products.xml?id=4701e042

* Sun Java System Web Proxy Server 4.0 with patch 123532-03 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-123532-03-1


-- AIX --
* Sun Java System Web Server 6.1 with Service Pack 8 or later
http://www.sun.com/download/products.xml?id=4694392a

* Sun Java System Web Proxy Server 3.6 Service Pack 11 or later
http://www.sun.com/download/products.xml?id=472a622f

Ссылки: Cross-site Scripting Vulnerability in Sun Java System Web Server and Web Proxy Server

или введите имя

CAPTCHA