VID |
210109 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
The search module of the Sun Java System Web Server is vulnerable to cross-site scripting. Sun Java System Web Server version 6.1 prior to SP9 and version 7.0 prior to Update 2 are affected because user-supplied input passed to the lib/webapps/search/index.jsp script of the search module is improperly validated. A remote attacker could create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow theft of cookie-based authentication credentials or other attacks.
* References:
  - http://sunsolve.sun.com/search/document.do?assetkey=1-66-231467-1
  - http://www.frsirt.com/english/advisories/2008/1455
  - http://www.securitytracker.com/id?1019987
  - http://secunia.com/advisories/30133
* Platforms Affected:
  - Sun, Java System Web Server 6.1 HP UX
  - Sun, Java System Web Server 6.1 AIX
  - Sun, Java System Web Server 6.1 Linux
  - Sun, Java System Web Server 6.1 X86
  - Sun, Java System Web Server 6.1 Windows
  - Sun, Java System Web Server 6.1 SPARC
  - Sun, Java System Web Server 7.0 HP UX
  - Sun, Java System Web Server 7.0 X86
  - Sun, Java System Web Server 7.0 Linux
  - Sun, Java System Web Server 7.0 Windows
  - Sun, Java System Web Server 7.0 SPARC
  - Sun, Java System Web Server 7.0 Update2 |
Recommendation |
Apply the appropriate patch for your system, available from Sun Alert ID 231467 at http://sunsolve.sun.com/search/document.do?assetkey=1-66-231467-1 |
Related URL |
CVE-2008-2166 (CVE) |
Related URL |
29087 (SecurityFocus) |
Related URL |
42263 (ISS) |