Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to Sun Microsystems, Inc. - Sun GlassFish Enterprise Server

jvndb-2009-000027

Vulnerability from jvndb

Published

2009-05-13 15:37

Modified

2009-05-13 15:37

Severity ?

() - -

Summary

Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting

Details

Sun GlassFish Enterprise Server and Sun Java System Application Server from Sun Microsystems contain a cross-site scripting vulnerability. Sun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server and Sun Java System Application Server contain a cross-site scripting vulnerability. According to the vendor, Sun Java System Application Server is currently distributed as the open sourced Sun GlassFish Enterprise Server. Users of the Sun Java System Application Server can obtain support only if they have a support contract. For more information, refer to the vendor's website. Please note that Sun Java System Application Server 8.x and 9.0 are not affected by this vulnerability. For more information, refer to the vendor's website. Project VEX of UBsecure, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN73653977/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1553
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1553
	BID	http://www.securityfocus.com/bid/34824
	VUPEN	http://www.vupen.com/english/advisories/2009/1255
	OSVDB	http://osvdb.org/54257
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Sun Microsystems, Inc.	Sun GlassFish Enterprise Server
	Sun Microsystems, Inc.	Sun Java System Application Server

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html",
  "dc:date": "2009-05-13T15:37+09:00",
  "dcterms:issued": "2009-05-13T15:37+09:00",
  "dcterms:modified": "2009-05-13T15:37+09:00",
  "description": "Sun GlassFish Enterprise Server and Sun Java System Application Server from Sun Microsystems contain a cross-site scripting vulnerability.\r\n\r\nSun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server and Sun Java System Application Server contain a cross-site scripting vulnerability.\r\n\r\nAccording to the vendor, Sun Java System Application Server is currently distributed as the open sourced Sun GlassFish Enterprise Server. Users of the Sun Java System Application Server can obtain support only if they have a support contract. For more information, refer to the vendor\u0027s website.\r\n\r\nPlease note that Sun Java System Application Server 8.x and 9.0 are not affected by this vulnerability. For more information, refer to the vendor\u0027s website. \r\n\r\nProject VEX of UBsecure, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sun:glassfish_enterprise_server",
      "@product": "Sun GlassFish Enterprise Server",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sun:java_system_application_server",
      "@product": "Sun Java System Application Server",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-000027",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN73653977/index.html",
      "@id": "JVN#73653977",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1553",
      "@id": "CVE-2009-1553",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1553",
      "@id": "CVE-2009-1553",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/34824",
      "@id": "34824",
      "@source": "BID"
    },
    {
      "#text": "http://www.vupen.com/english/advisories/2009/1255",
      "@id": "VUPEN/ADV-2009-1255",
      "@source": "VUPEN"
    },
    {
      "#text": "http://osvdb.org/54257",
      "@id": "54257",
      "@source": "OSVDB"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting"
}