Vulnerability Bulletins |
Cross-Site Scripting in Sun ONE / Sun Java System Web Server |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Integrity |
Difficulty | Expert |
Required attacker level | Remote access without an account to a standard service |
System information |
|
Property | Value |
Affected manufacturer | Commercial Software |
Affected software |
Sun ONE Web Server 6.0 Service Pack 9
Sun Java System Web Server 6.1 Service Pack 4
Sun ONE Application Server 7 Platform Edition Update 6
Sun ONE Application Server 7 Standard Edition Update 6
Sun Java System Application Server 7 2004Q2 Standard Edition Update 2
Sun Java System Application Server 7 2004Q2 Enterprise Edition Update 2 |
Description |
|
A vulnerability has been discovered in several versions of Sun Java System Web Server and Sun Java System Application Server. The vulnerability lies in an error in validating user input. A remote attacker could inject HTML code or web script to carry out Cross-Site Scripting (XSS) attacks to steal cookie information, hijack sessions, or cause a loss of privacy in the communication between client and server. |
|
Solution |
|
Software update
Sun
Sun ONE Web Server 6.0 Service Pack 10
http://www.sun.com/download/products.xml?id=43a84f89
Sun Java System Web Server 6.1 Service Pack 5
http://www.sun.com/download/products.xml?id=434aec1d
Sun Java System Web Server 6.1 Service Pack 5 (International)
http://www.sun.com/download/products.xml?id=43c43041
Sun ONE Application Server 7 Platform Edition Update 7
http://www.sun.com/download/products.xml?id=42ae3178
Sun ONE Application Server 7 Standard Edition Update 7
http://www.sun.com/download/products.xml?id=42ae317c
Sun Java System Application Server 7 2004Q2 Standard Edition Update 3
http://www.sun.com/download/products.xml?id=427fe06d
Sun Java System Application Server 7 2004Q2 Enterprise Edition Update 3
http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=8&PartDetailId=SJAS72004Q2U3-EE-OTH-G-ES |
|
Standard resources |
|
Property | Value |
CVE | CVE-2006-2501 |
BID | 18035 |
Other resources |
|
Sun Alert Notification (102164)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1
JPCERT/CC (JVN#03D5EAA8)
http://jvn.jp/jp/JVN%2303D5EAA8/index.html |
Version history |
||
Version | Comments | Date |
1.0 | Advisory issued | 2006-05-19 |
1.1 | CVE added. Other references added. | 2006-06-20 |