Sun Solaris AnswerBook2 Multiple Cross-Site Scripting Vulnerabilities

BID:12746

Info

Sun Solaris AnswerBook2 Multiple Cross-Site Scripting Vulnerabilities

Bugtraq ID: 12746
Class: Input Validation Error
CVE: CVE-2005-0548
CVE-2005-0549
Remote: Yes
Local: No
Published: Mar 07 2005 12:00AM
Updated: Dec 11 2009 03:44PM
Credit: Discovery is credited to Thomas Liam Romanis.
Vulnerable: Sun AnswerBook2 1.4.4
Sun AnswerBook2 1.4.3
Sun AnswerBook2 1.4.2
- Sun Solaris 2.5.1 _x86
 - Sun Solaris 2.5.1 _x86
 - Sun Solaris 2.5.1 _x86
 - Sun Solaris 2.5.1 _ppc
 - Sun Solaris 2.5.1 _ppc
 - Sun Solaris 2.5.1 _ppc
 - Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 8_x86
 - Sun Solaris 8_sparc
 - Sun Solaris 8_sparc
 - Sun Solaris 8_sparc
 - Sun Solaris 7.0_x86
 - Sun Solaris 7.0_x86
 - Sun Solaris 7.0_x86
 - Sun Solaris 7.0
 - Sun Solaris 7.0
 - Sun Solaris 7.0
 - Sun Solaris 2.6_x86
 - Sun Solaris 2.6_x86
 - Sun Solaris 2.6_x86
 - Sun Solaris 2.6
 - Sun Solaris 2.6
 - Sun Solaris 2.6
 - Sun Solaris 2.5_x86
 - Sun Solaris 2.5_x86
 - Sun Solaris 2.5_x86
 - Sun Solaris 2.5
 - Sun Solaris 2.5
 - Sun Solaris 2.5
 - Sun Solaris 2.4_x86
 - Sun Solaris 2.4_x86
 - Sun Solaris 2.4_x86
 - Sun Solaris 2.4
 - Sun Solaris 2.4
 - Sun Solaris 2.4
 - Sun Solaris 2.3
 - Sun Solaris 2.3
 - Sun Solaris 2.3
 Sun AnswerBook2 1.4.1
- Sun Solaris 2.5.1 _x86
 - Sun Solaris 2.5.1 _x86
 - Sun Solaris 2.5.1 _x86
 - Sun Solaris 2.5.1 _ppc
 - Sun Solaris 2.5.1 _ppc
 - Sun Solaris 2.5.1 _ppc
 - Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 8_x86
 - Sun Solaris 8_x86
 - Sun Solaris 8_x86
 - Sun Solaris 8_sparc
 - Sun Solaris 8_sparc
 - Sun Solaris 8_sparc
 - Sun Solaris 7.0_x86
 - Sun Solaris 7.0_x86
 - Sun Solaris 7.0_x86
 - Sun Solaris 7.0
 - Sun Solaris 7.0
 - Sun Solaris 7.0
 - Sun Solaris 2.6_x86
 - Sun Solaris 2.6_x86
 - Sun Solaris 2.6_x86
 - Sun Solaris 2.6
 - Sun Solaris 2.5_x86
 - Sun Solaris 2.5_x86
 - Sun Solaris 2.5_x86
 - Sun Solaris 2.5
 - Sun Solaris 2.5
 - Sun Solaris 2.5
 - Sun Solaris 2.4_x86
 - Sun Solaris 2.4_x86
 - Sun Solaris 2.4_x86
 - Sun Solaris 2.4
 - Sun Solaris 2.4
 - Sun Solaris 2.4
 - Sun Solaris 2.3
 - Sun Solaris 2.3
 - Sun Solaris 2.3
 Sun AnswerBook2 1.4
- Sun Solaris 2.5.1 _x86
 - Sun Solaris 2.5.1 _x86
 - Sun Solaris 2.5.1 _x86
 - Sun Solaris 2.5.1 _ppc
 - Sun Solaris 2.5.1 _ppc
 - Sun Solaris 2.5.1 _ppc
 - Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 8_x86
 - Sun Solaris 8_sparc
 - Sun Solaris 8_sparc
 - Sun Solaris 8_sparc
 - Sun Solaris 7.0_x86
 - Sun Solaris 7.0_x86
 - Sun Solaris 7.0_x86
 - Sun Solaris 7.0
 - Sun Solaris 7.0
 - Sun Solaris 7.0
 - Sun Solaris 2.6_x86
 - Sun Solaris 2.6_x86
 - Sun Solaris 2.6_x86
 - Sun Solaris 2.6
 - Sun Solaris 2.6
 - Sun Solaris 2.6
 - Sun Solaris 2.5_x86
 - Sun Solaris 2.5_x86
 - Sun Solaris 2.5_x86
 - Sun Solaris 2.5
 - Sun Solaris 2.5
 - Sun Solaris 2.5
 - Sun Solaris 2.4_x86
 - Sun Solaris 2.4_x86
 - Sun Solaris 2.4_x86
 - Sun Solaris 2.4
 - Sun Solaris 2.4
 - Sun Solaris 2.4
 - Sun Solaris 2.3
 - Sun Solaris 2.3
 - Sun Solaris 2.3
 Sun AnswerBook2 1.3
- Sun Solaris 2.5.1 _x86
 - Sun Solaris 2.5.1 _x86
 - Sun Solaris 2.5.1 _x86
 - Sun Solaris 2.5.1 _ppc
 - Sun Solaris 2.5.1 _ppc
 - Sun Solaris 2.5.1 _ppc
 - Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1
- Sun Solaris 8_x86
 - Sun Solaris 8_sparc
 - Sun Solaris 8_sparc
 - Sun Solaris 8_sparc
 - Sun Solaris 7.0_x86
 - Sun Solaris 7.0_x86
 - Sun Solaris 7.0_x86
 - Sun Solaris 7.0
 - Sun Solaris 7.0
 - Sun Solaris 7.0
 - Sun Solaris 2.6_x86
 - Sun Solaris 2.6_x86
 - Sun Solaris 2.6_x86
 - Sun Solaris 2.6
 - Sun Solaris 2.6
 - Sun Solaris 2.6
 - Sun Solaris 2.5_x86
 - Sun Solaris 2.5_x86
 - Sun Solaris 2.5_x86
 - Sun Solaris 2.5
 - Sun Solaris 2.5
 - Sun Solaris 2.5
 - Sun Solaris 2.4_x86
 - Sun Solaris 2.4_x86
 - Sun Solaris 2.4_x86
 - Sun Solaris 2.4
 - Sun Solaris 2.4
 - Sun Solaris 2.4
 - Sun Solaris 2.3
 - Sun Solaris 2.3
 - Sun Solaris 2.3
 Sun AnswerBook2 1.2
+ Sun Solaris 8_x86
 + Sun Solaris 8_sparc
 + Sun Solaris 7.0_x86
 + Sun Solaris 7.0
 + Sun Solaris 2.6_x86
 + Sun Solaris 2.6_sparc
 + Sun Solaris 2.6
Not Vulnerable:

Discussion

Sun Solaris AnswerBook2 Multiple Cross-Site Scripting Vulnerabilities

Sun Solaris AnswerBook2 is reported prone to multiple cross-site scripting vulnerabilities because the software fails to properly sanitize user-supplied data. Exploits will allow arbitrary HTML and script code to run in a victim's browser, allowing the attacker to steal cookie-based credentials and launch other attacks.

The Search function and the AnswerBook2 admin interface are affected.

AnswerBook2 1.4.4 and prior versions are vulnerable.

Exploit / POC

Sun Solaris AnswerBook2 Multiple Cross-Site Scripting Vulnerabilities

An exploit is not required.

The following proofs of concept are available:

For the cross-site scripting issue in the Answerbook2 search function:

http://www.example.com/ab2/Help_C/@Ab2HelpSearch?scope=HELP&DwebQuery=%3Cscript%3Ealert%28%22hello%22%
29%3C%2Fscript%3E&Search=+Search+

For the admin interface 'View Log Files' function:

http://www.example.com/ab2/@Ab2Admin?command=view_access

Solution / Fix

Sun Solaris AnswerBook2 Multiple Cross-Site Scripting Vulnerabilities

Solution:
Sun has released an advisory to address these issues. Please see the referenced advisory for details.

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report