JVNDB-2009-000027

Vulnerability from jvndb - Published: 2009-05-13 15:37 - Updated:2009-05-13 15:37
Severity ?
() - -
Summary
Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting
Details
Sun GlassFish Enterprise Server and Sun Java System Application Server from Sun Microsystems contain a cross-site scripting vulnerability. Sun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server and Sun Java System Application Server contain a cross-site scripting vulnerability. According to the vendor, Sun Java System Application Server is currently distributed as the open sourced Sun GlassFish Enterprise Server. Users of the Sun Java System Application Server can obtain support only if they have a support contract. For more information, refer to the vendor's website. Please note that Sun Java System Application Server 8.x and 9.0 are not affected by this vulnerability. For more information, refer to the vendor's website. Project VEX of UBsecure, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html",
  "dc:date": "2009-05-13T15:37+09:00",
  "dcterms:issued": "2009-05-13T15:37+09:00",
  "dcterms:modified": "2009-05-13T15:37+09:00",
  "description": "Sun GlassFish Enterprise Server and Sun Java System Application Server from Sun Microsystems contain a cross-site scripting vulnerability.\r\n\r\nSun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server and Sun Java System Application Server contain a cross-site scripting vulnerability.\r\n\r\nAccording to the vendor, Sun Java System Application Server is currently distributed as the open sourced Sun GlassFish Enterprise Server. Users of the Sun Java System Application Server can obtain support only if they have a support contract. For more information, refer to the vendor\u0027s website.\r\n\r\nPlease note that Sun Java System Application Server 8.x and 9.0 are not affected by this vulnerability. For more information, refer to the vendor\u0027s website. \r\n\r\nProject VEX of UBsecure, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sun:glassfish_enterprise_server",
      "@product": "Sun GlassFish Enterprise Server",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sun:java_system_application_server",
      "@product": "Sun Java System Application Server",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-000027",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN73653977/index.html",
      "@id": "JVN#73653977",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1553",
      "@id": "CVE-2009-1553",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1553",
      "@id": "CVE-2009-1553",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/34824",
      "@id": "34824",
      "@source": "BID"
    },
    {
      "#text": "http://www.vupen.com/english/advisories/2009/1255",
      "@id": "VUPEN/ADV-2009-1255",
      "@source": "VUPEN"
    },
    {
      "#text": "http://osvdb.org/54257",
      "@id": "54257",
      "@source": "OSVDB"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.