JVNDB-2007-000823

Cross-site scripting in Sun Java System Web Server and Sun Java System Web Proxy Server

Overview

Sun Java System Web Server and Sun Java System Web Proxy Server are vulnerable to cross-site scripting.

Sun Java System Web Server and Sun Java System Web Proxy Server, which are both web servers, provide a function that lets a user view access logs and other records in a web browser. This function is vulnerable to cross-site scripting.

CVSS Severity

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

Sun Microsystems, Inc.
  • Sun Java System Web Proxy Server 6.1 SP7 and earlier
  • Sun Java System Web Server 6.1 SP7 and earlier
  • Sun Java System Web Server 7.0

Impact

An arbitrary script can be executed in the user's web browser.

Solution

[Update the Software]
Apply the latest update provided by the vendor.

Vendor Information

Sun Microsystems, Inc.

CWE

  1. Cross-site Scripting (CWE-79) [NVD Evaluation]

CVE

  1. CVE-2007-6569

References

  1. JVN : JVN#89292430
  2. National Vulnerability Database (NVD) : CVE-2007-6569
  3. Secunia Advisory : SA28216
  4. Secunia Advisory : SA28186
  5. SecurityFocus : 26978
  6. FrSIRT Advisories : FrSIRT/ADV-2007-4313

Revision History

  • [2008/05/21]
      Web page published