SecurityTeam US
 
 Monday, February 06 2012 @ 12:29 PM EST

Sun Java System Application Server Cross-Site Scripting

   
Eric Hobbs has reported a vulnerability in Sun Java System Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

The vulnerability is caused by an unspecified input validation error and can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.

The following versions are affected:
* Sun Java System Application Server Standard Edition 7 Update Release 5 and prior
* Sun Java System Application Server Platform Edition 7 Update Release 5 and prior
* Sun Java System Application Server 7 2004Q2 Standard Edition Update Release 1 and prior
* Sun Java System Application Server 7 2004Q2 Enterprise Edition Update Release 1 and prior

SOFTWARE:
Sun Java System Application Server (Sun ONE) 7.x

SOLUTION:
The vendor has issued updated versions.

Sun Java System Application Server 7 Standard Edition Update 6:
http://www.sun.com/download/products.xml?id=41c239a4

Sun Java System Application Server 7 Platform Edition Update 6:
http://www.sun.com/download/products.xml?id=41c374e2

Sun Java System Application Server 7 2004Q2 Standard Edition Update 2:
http://www.sun.com/download/products.xml?id=41e32dfb

Sun Java System Application Server 7 2004Q2 Enterprise Edition Update 2:
https://osc-amer.sun.com/OSCSW/svcportal?pageName=clselection

PROVIDED AND/OR DISCOVERED BY:
Eric Hobbs, MagnaWare.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57742-1

VERIFY ADVISORY:
http://secunia.com/advisories/14677/

Secunia Security Advisories

 
