| VID |
22246 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
According to its banner, the Jigsaw Web server has a remote URI parsing vulnerability. Jigsaw is a Java-based Web server developed by the W3C (World Wide Web Consortium) for Microsoft Windows, Linux and Unix-based operating systems. Jigsaw versions prior to 2.2.4 could allow a remote attacker to execute arbitrary code on the system, due to insufficient handling of user-supplied URI input. A remote attacker could construct a malicious link containing hostile HTML and script code, which would be executed in the victim's Web browser within the security context of the hosting site once the malicious link is clicked.
* Note: This check relies solely on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* References: http://www.securitytracker.com/alerts/2004/Feb/1009169.html
* Platforms Affected: W3C Jigsaw prior to 2.2.4; Linux, any version; Microsoft Windows, any version; Unix, any version |
| Recommendation |
Upgrade to the latest version of Jigsaw (2.2.4 or later), available from the Jigsaw Web site at http://www.w3.org/Jigsaw/ |
| Related URL |
CVE-2004-2274 (CVE) |
| Related URL |
9711 (SecurityFocus) |
| Related URL |
15298 (ISS) |
|