Sun Java System Portal Server Portlets Cross-Site Scripting Vulnerability
BID:30738
Info
| Bugtraq ID: | 30738 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-6192 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 18 2008 12:00AM |
| Updated: | May 07 2015 05:24PM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | Sun Java System Portal Server 7.1; Sun Java System Portal Server 7.0; Sun Java System Portal Server 7 |
| Not Vulnerable: | |
Discussion
Some unspecified Portlets bundled with Sun Java System Portal Server are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Sun Java System Portal Server 7.0 and 7.1 are affected.
Exploit / POC
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
The vendor has released updates. Please see the references for more information.
Sun Java System Portal Server 7.1
- Sun 124301-10 for SPARC: http://sunsolve.sun.com/search/document.do?assetkey=1-21-124301-10-1
- Sun 124302-10 for x86: http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-124302-10-1
- Sun 124303-11 for Linux: http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-124303-11-1

Sun Java System Portal Server 7.0
- Sun 121913-19 for SPARC: http://sunsolve.sun.com/search/document.do?assetkey=1-21-121913-19-1
- Sun 121914-19 for x86: http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-121914-19-1
- Sun 121915-19 for Linux: http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-121915-19-1
References
References:
- Sun Java System Portal Server Homepage (Sun Microsystems)
- Sun Alert 239308 Cross Site Scripting (XSS) Vulnerability in Sun Java System Por (Sun Microsystems)