Sun Java System Application Server Unspecified Cross-Site Scripting Vulnerability

Bugtraq ID:	12775
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 01 2005 12:00AM
Updated:	Mar 01 2005 12:00AM
Credit:	Discovery is credited to Eric Hobbs from MagnaWare.
Vulnerable:	Sun Java System Application Server 7.0 UR5 Standard Edition Sun Java System Application Server 7.0 UR5 Platform Edition Sun Java System Application Server 7.0 UR4 Sun Java System Application Server 7.0 2004Q2 R1Standard Sun Java System Application Server 7.0 2004Q2 R1Enterprise Sun Java System Application Server 7.0 Standard Edition Sun Java System Application Server 7.0 Platform Edition Sun Java System Application Server 7.0 2004Q2
Not Vulnerable:	Sun Java System Application Server 7.0 UR6 Standard Edition Sun Java System Application Server 7.0 UR6 Platform Edition Sun Java System Application Server 7.0 2004Q2 R2 Standard Sun Java System Application Server 7.0 2004Q2 R2 Enterprise

Sun Java System Application Server Unspecified Cross-Site Scripting Vulnerability

An unspecified remote cross-site scripting vulnerability affects Sun Java System Application Server.

This attack would occur in the security context of the affected Web site and may allow for theft of cookie-based authentication credentials or other attacks.

This BID will be updated when more information becomes available.

Sun Java System Application Server Unspecified Cross-Site Scripting Vulnerability

An exploit is not required to leverage this issue.

Sun Java System Application Server Unspecified Cross-Site Scripting Vulnerability

Solution:
Sun has released updates to address this issue on affected platforms. Please see the referenced advisory for more information.

Sun Java System Application Server Unspecified Cross-Site Scripting Vulnerability

References:

• Sun Alert ID: 57742 - Cross Site Scripting Vulnerability in Sun Java System (Sun)
  
• Sun Java System Application Server Homepage (Sun)