Sun Java System Access Manager Undisclosed Cross-Site Scripting Vulnerability
BID:22302
Info
| Bugtraq ID: | 22302 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-0628 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 29 2007 12:00AM |
| Updated: | May 12 2015 07:35PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
Sun Java System Access Manager 7.0 2005Q4 Solaris x
Sun Java System Access Manager 7.0 2005Q4 Solaris S
Sun Java System Access Manager 7.0 2005Q4 Linux
Sun Java System Access Manager 6.2
Sun Java System Access Manager 6.1
Sun Java System Access Manager 6 2005Q1 Solaris x86
Sun Java System Access Manager 6 2005Q1 Solaris SPA
Sun Java System Access Manager 6 2005Q1 Linux |
| Not Vulnerable: | |
Discussion
Sun Java System Access Manager is prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
The vendor has released patches to address this issue. Please see the references for more information.
Sun Java System Access Manager 6 2005Q1 Solaris SPA
- Sun 119465-10 (sun)
  http://sunsolve.sun.com/pub-cgi/pdownload.pl?target=119465-10&method=h

Sun Java System Access Manager 6 2005Q1 Solaris x86
- Sun 119502-10 (sun)
  http://sunsolve.sun.com/pub-cgi/pdownload.pl?target=119502-10&method=h

Sun Java System Access Manager 7.0 2005Q4 Solaris x
- Sun 120955-04 (sun)
  http://sunsolve.sun.com/pub-cgi/pdownload.pl?target=120955-04&method=h

Sun Java System Access Manager 7.0 2005Q4 Linux
- Sun 120954-04 (sun)
  http://sunsolve.sun.com/pub-cgi/pdownload.pl?target=120954-04&method=h

Sun Java System Access Manager 7.0 2005Q4 Solaris S
- Sun 120956-04 (sun)
  http://sunsolve.sun.com/pub-cgi/pdownload.pl?target=120956-04&method=h

Sun Java System Access Manager 6.1

Sun Java System Access Manager 6 2005Q1 Linux
- Sun 119465-10 (sun)
  http://sunsolve.sun.com/pub-cgi/pdownload.pl?target=119465-10&method=h

Sun Java System Access Manager 6.2
- Sun 115766-13 (sun)
  http://sunsolve.sun.com/pub-cgi/pdownload.pl?target=115766-13&method=h
- Sun 119409-13 (sun)
  http://sunsolve.sun.com/pub-cgi/pdownload.pl?target=119409-13&method=h
- Sun 120091-13 (sun)
  http://sunsolve.sun.com/pub-cgi/pdownload.pl?target=120091-13&method=h
References