Vulnerabilities related to Sun Microsystems, Inc. - Sun Java System Application Server
jvndb-2006-000293
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Sun Java System Web Server cross-site scripting vulnerability
Details
Sun Java System Web Server (originally called Sun ONE Web Server) contains a cross-site scripting vulnerability. A vulnerable web server does not adequately validate the HTTP REFERER header before using the contents in the default error page.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000293.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Sun Java System Web Server (originally called Sun ONE Web Server) contains a cross-site scripting vulnerability. A vulnerable web server does not adequately validate the HTTP REFERER header before using the contents in the default error page.", "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000293.html", "sec:cpe": [ { "#text": "cpe:/a:sun:java_system_application_server", "@product": "Sun Java System Application Server", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:java_system_web_server", "@product": "Sun Java System Web Server", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:one_application_server", "@product": "Sun ONE Application Server", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2006-000293", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN03D5EAA8/index.html", "@id": "JVN#03D5EAA8", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2501", "@id": "CVE-2006-2501", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2501", "@id": "CVE-2006-2501", "@source": "NVD" }, { "#text": "http://www.kb.cert.org/vuls/id/114956", "@id": "VU#114956", "@source": "CERT-VN" }, { "#text": "http://www.securityfocus.com/bid/18035", "@id": "18035", "@source": "BID" } ], "title": "Sun Java System Web Server cross-site scripting vulnerability" }
jvndb-2009-000027
Vulnerability from jvndb
Published
2009-05-13 15:37
Modified
2009-05-13 15:37
Summary
Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting
Details
Sun GlassFish Enterprise Server and Sun Java System Application Server from Sun Microsystems contain a cross-site scripting vulnerability.
Sun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems.
According to the vendor, Sun Java System Application Server is currently distributed as the open sourced Sun GlassFish Enterprise Server. Users of the Sun Java System Application Server can obtain support only if they have a support contract. For more information, refer to the vendor's website.
Please note that Sun Java System Application Server 8.x and 9.0 are not affected by this vulnerability. For more information, refer to the vendor's website.
Project VEX of UBsecure, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html", "dc:date": "2009-05-13T15:37+09:00", "dcterms:issued": "2009-05-13T15:37+09:00", "dcterms:modified": "2009-05-13T15:37+09:00", "description": "Sun GlassFish Enterprise Server and Sun Java System Application Server from Sun Microsystems contain a cross-site scripting vulnerability.\r\n\r\nSun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server and Sun Java System Application Server contain a cross-site scripting vulnerability.\r\n\r\nAccording to the vendor, Sun Java System Application Server is currently distributed as the open sourced Sun GlassFish Enterprise Server. Users of the Sun Java System Application Server can obtain support only if they have a support contract. For more information, refer to the vendor\u0027s website.\r\n\r\nPlease note that Sun Java System Application Server 8.x and 9.0 are not affected by this vulnerability. For more information, refer to the vendor\u0027s website. \r\n\r\nProject VEX of UBsecure, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html", "sec:cpe": [ { "#text": "cpe:/a:sun:glassfish_enterprise_server", "@product": "Sun GlassFish Enterprise Server", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:java_system_application_server", "@product": "Sun Java System Application Server", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2009-000027", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN73653977/index.html", "@id": "JVN#73653977", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1553", "@id": "CVE-2009-1553", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1553", "@id": "CVE-2009-1553", "@source": "NVD" }, { "#text": "http://www.securityfocus.com/bid/34824", "@id": "34824", "@source": "BID" }, { "#text": "http://www.vupen.com/english/advisories/2009/1255", "@id": "VUPEN/ADV-2009-1255", "@source": "VUPEN" }, { "#text": "http://osvdb.org/54257", "@id": "54257", "@source": "OSVDB" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting" }