VAR-200905-0302

Vulnerability from variot - Updated: 2023-12-18 13:04

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain. This issue is tracked by Sun Alert ID 258068. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

  Core Security Technologies - CoreLabs Advisory
       http://www.coresecurity.com/corelabs/

    Multiple XSS in Sun Communications Express
1. Advisory Information

Title: Multiple XSS in Sun Communications Express
Advisory ID: CORE-2009-0109
Advisory URL: http://www.coresecurity.com/content/sun-communications-express
Date published: 2009-05-20
Date of last update: 2009-05-20
Vendors contacted: Sun Microsystems
Release mode: Coordinated release

2. Vulnerability Information

Class: Cross site scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 34154, 34155
CVE Name: CVE-2009-1729

3. 'https://<server>/uwc/abs/search.xml?'

For example, an attacker could exploit an XSS vulnerability to steal user cookies (and then impersonate the legitimate user) or fake a page requesting information from the user (i.e. credentials). This vulnerability occurs when user-supplied data is displayed without encoding.

4. Vulnerable packages

4.1. SPARC Platform

.

4.2. x86 Platform

.

4.3. Linux

.

5. Non-vulnerable packages

.

7. Credits

These vulnerabilities were discovered by the SCS team from Core Security Technologies.

8. Technical Description / Proof of Concept Code

Cross-Site Scripting (commonly referred to as XSS) attacks are the result of improper encoding or filtering of input obtained from untrusted sources. The injected code then takes advantage of the trust given by the user to the vulnerable site. These attacks are usually targeted at all users of a web application rather than at the application itself (although one could say that the users are affected because of a vulnerability of the web application). The term 'cross-site scripting' is also sometimes used in a broader sense, referring to different types of attacks involving script injection into the client. For additional information, please look at the references [2], [3], [4], [5] and [6].

8.1. Although the affected URL is originally accessed through a POST request, this vulnerability can be exploited both with a GET and with a POST request. Using the following variables:

/-----------
abperson_displayName
-----------/

The contents of the variables previously mentioned are not being encoded at the time of using them in HTML output, therefore allowing an attacker who controls their content to insert JavaScript code.

The following code is a proof of concept of this flaw:

/-----------
https://<server>/uwc/abs/search.xml?bookid=e11e46531a8a0&j_encoding=UTF-8&uiaction=quickaddcontact&entryid=&valueseparator=%3B&prefix=abperson_&stopalreadyselected=1&isselchanged=0&idstoadd=&selectedbookid=&type=abperson%2Cgroup&wcfg_groupview=&wcfg_searchmode=&stopsearch=1&expandgroup=&expandselectedgroup=&expandonmissing=&nextview=&bookid=e11e46531a8a0&actionbookid=e11e46531a8a0&searchid=7&filter=entry%2Fdisplayname%3D*&firstentry=0&sortby=%2Bentry%2Fdisplayname&curbookid=e11e46531a8a0&searchelem=0&searchby=contains&searchstring=Search+for&searchbookid=e11e46531a8a0&abperson_givenName=aa&abperson_sn=aa&abperson_piEmail1=a%40a.com&abperson_piEmail1Type=work&abperson_piPhone1=11&abperson_piPhone1Type=work&quickaddprefix=abperson_&abperson_displayName=%3Cscript%3Ealert%28%27xss2%27%29%3C%2Fscript%3E%2C+%3Cscript%3Ealert%28%27xss1%27%29%3C%2Fscript%3E&abperson_entrytype=abperson&abperson_memberOfPIBook=e11e46531a8a0
-----------/

8.2. Vulnerability #2 - XSS (BID 34155, CVE-2009-1729)

Cross-site scripting vulnerabilities were found in the following file/URL:

/-----------
http://<server>/uwc/base/UWCMain
-----------/

The contents of the URL are not being encoded at the time of using them in HTML output, therefore allowing an attacker who controls their content to insert JavaScript code.

This vulnerability can be exploited through a GET request, and the user does not need to be logged into the web application. This makes this cross-site scripting vulnerability well suited to email-based attacks: an attacker can send via email a link to a 'calendar' and 'exploit' the victim.

The following code is a proof of concept of this flaw:

/-----------
http://<server>/uwc/base/UWCMain?anon=true&calid=test@test.com&caltype=temporaryCalids&date=20081223T143836Z&category=All&viewctx=day&temporaryCalendars=test@test.com%27;alert(%27hello%27);a=%27
-----------/
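Sections 8.1 and 8.2 describe the same root cause in two different output contexts: abperson_displayName is written into HTML body text, and temporaryCalendars is written into a JavaScript string literal, neither with encoding for its context. The following is an added example (not Core's or Sun's code, and not Communications Express's real rendering logic) that models each sink with a hypothetical vulnerable renderer beside its context-encoded counterpart, feeds them the parameter values from the advisory's two proof-of-concept URLs (constructed here with a placeholder host), and checks that the encoded output can no longer contain a tag or break out of the string literal. The function names (`render_contact_*`, `render_calendar_*`) and the checks are assumptions for illustration.

```python
"""Context-aware output encoding for the two sinks in sections 8.1 and 8.2.

Added example; it assumes hypothetical renderers that model the sinks and does
not reproduce any real Communications Express code.
"""
import html
import json
from urllib.parse import unquote_plus, urlsplit

# Constructed sample requests built from the advisory's PoC query strings,
# with <server> replaced by a placeholder host.
POC_SEARCH = ("https://server.invalid/uwc/abs/search.xml?uiaction=quickaddcontact"
              "&abperson_displayName=%3Cscript%3Ealert%28%27xss2%27%29%3C%2Fscript%3E")
POC_MAIN = ("http://server.invalid/uwc/base/UWCMain?anon=true"
            "&temporaryCalendars=test@test.com%27;alert(%27hello%27);a=%27")


def param(url, name):
    """Return the decoded value of query parameter `name`, or '' if absent.

    Splits on '&' only: the temporaryCalendars PoC value contains ';', which
    some parsers also treat as a pair separator and would silently truncate.
    """
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if unquote_plus(key) == name:
            return unquote_plus(value)
    return ""


# --- Sink 1 (8.1): value lands in HTML body text -------------------------

def render_contact_vulnerable(display_name):
    """The pattern the advisory describes: value copied into HTML unencoded."""
    return f"<td>{display_name}</td>"


def render_contact_fixed(display_name):
    """HTML-entity encode; quote=True also escapes ' and \" so the same
    helper is safe if the value is later reused inside an attribute."""
    return f"<td>{html.escape(display_name, quote=True)}</td>"


# --- Sink 2 (8.2): value lands inside a JavaScript string literal --------

def render_calendar_vulnerable(cal_ids):
    """The pattern the advisory describes: value spliced into a JS literal."""
    return f"<script>var temporaryCalendars = '{cal_ids}';</script>"


def render_calendar_fixed(cal_ids):
    """JSON-encode so the value is always exactly one JS string literal, and
    escape '</' so the literal can never close the enclosing <script>."""
    literal = json.dumps(cal_ids).replace("</", "<\\/")
    return f"<script>var temporaryCalendars = {literal};</script>"


# --- Checks a reviewer can run against either renderer -------------------

def html_body_is_inert(rendered):
    """True when no raw tag characters survive inside the <td> wrapper."""
    inner = rendered[len("<td>"):-len("</td>")]
    return "<" not in inner and ">" not in inner


def js_literal_is_single_string(rendered):
    """True when everything between '= ' and ';</script>' parses back as one
    JSON string, i.e. no second statement could have been smuggled in."""
    start = rendered.index("= ") + 2
    end = rendered.rindex(";</script>")
    try:
        return isinstance(json.loads(rendered[start:end]), str)
    except ValueError:
        return False


if __name__ == "__main__":
    name = param(POC_SEARCH, "abperson_displayName")
    cals = param(POC_MAIN, "temporaryCalendars")
    for label, out in (("8.1 vulnerable", render_contact_vulnerable(name)),
                       ("8.1 fixed", render_contact_fixed(name))):
        print(f"{label}: inert={html_body_is_inert(out)}  {out}")
    for label, out in (("8.2 vulnerable", render_calendar_vulnerable(cals)),
                       ("8.2 fixed", render_calendar_fixed(cals))):
        print(f"{label}: single literal={js_literal_is_single_string(out)}  {out}")
```

The two fixed renderers are deliberately different: entity encoding is the right tool for HTML text, but inside a script block entities are not decoded, so the JavaScript sink needs a JavaScript-aware encoding (here JSON) plus the `</` escape that stops the browser's HTML parser from ending the script element early.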

9. Report Timeline

2009-01-09: Core Security Technologies notifies Sun Security Coordination Team of the vulnerability, setting the estimated publication date of the advisory to Feb 2nd. Technical details are sent to the Communications Express team.
2009-01-09: The vendor acknowledges reception of the report and asks Core to postpone publication of the security advisory in order to have enough time to investigate and fix the bugs. The vendor requests the GPG key of Core's security advisories team.
2009-01-12: Core agrees to postpone the advisory publication but asks the vendor for feedback from their engineering team as soon as possible in order to coordinate the release date of fixes and security advisories.
2009-01-21: Core asks the vendor for an estimated date for the release of patches and fixes.
2009-01-21: Sun Security Coordination Team notifies Core that the vendor's engineering team is hoping to have patches released sometime near the end of February or the beginning of March. The time-frame is tentative due to the vendor's QA testing process, which includes testing of all patches and may include fixes to bugs unrelated to those reported by Core.
2009-02-06: Core re-schedules the advisory publication date to Feb 25th. An updated timeline is sent to the vendor requesting confirmation that patches will be released by then.
2009-02-16: The vendor asks Core to delay the advisory publication until the end of March, in order to finish a rigorous process of internal testing.
2009-02-16: Core re-schedules the advisory publication date to March 30th. Core indicates that it would appreciate further technical details about the flaws from the vendor's engineering team.
2009-02-17: Vendor acknowledges the previous email.
2009-03-17: Core reminds the vendor that the publication of the advisory is scheduled for March 30th. Core also requests updated information about the development and release of fixed versions.
2009-03-23: Vendor confirms that it is on track to have the fix ready for publication at the end of the month, March 30th, and provides a list of affected products and versions.
2009-03-24: Vendor states that there was confusion on its end, and that patches are scheduled to complete testing and to be published on 22nd April 2009. Vendor requests Core to delay publication of its advisory.
2009-03-25: Core confirms that the advisory publication is rescheduled to April 22nd.
2009-04-08: Sun engineering team informs Core that they have a fix for another flaw reported by Core [7]. This fix is currently undergoing Sun standard testing, and the vendor expects to be ready to publish the patch on Monday 20th April 2009.
2009-04-16: Sun engineering team confirms they are still planning to release the fix for [7] on 20th April 2009. Core requests an estimated date for the release of patches and fixes.
2009-04-20: Sun engineering team informs Core that the issue which affects Communications Express is planned for publication later in the week. The vendor will get back to Core with a more definite date once they have confirmed the details.
2009-04-22: Sun engineering team informs Core that the fix related to Communications Express is currently undergoing internal testing and they expect to be ready to publish the fixes and the Sun Alert on 6th May 2009.
2009-04-29: Core re-schedules the advisory publication date to 6th May 2009 and asks Sun for a URL of the corresponding Sun Alert and a list of non-vulnerable packages.
2009-05-05: Sun engineering team informs Core that they are experiencing some difficulties related to the final release stages of the fix for this bug. The vendor will not be ready to go public with this fix tomorrow.
2009-05-05: Core responds that it is possible to postpone the publication of the advisory, but asks the Sun engineering team for an estimated date to reach the final release of the fix as soon as possible.
2009-05-08: Sun engineering team informs Core that they are still experiencing some delays with the final stages of this release process and asks to delay the publication of the advisory.
2009-05-18: Sun engineering team confirms that they have resolved the outstanding issues related to this vulnerability and they expect to be ready to publish the fixes on Wednesday 20th May.
2009-05-18: Core re-schedules the advisory publication date to 20th May.
2009-05-20: The advisory CORE-2009-0109 is published.

10. References

[1] http://www.sun.com/software/products/calendar_srvr/comms_express/index.xml
[2] HTML Code Injection and Cross-Site Scripting, http://www.technicalinfo.net/papers/CSS.html
[3] The Cross-Site Scripting FAQ (XSS), http://www.cgisecurity.com/articles/xss-faq.shtml
[4] How to prevent Cross-Site Scripting Security Issues, http://support.microsoft.com/default.aspx?scid=KB;en-us;q252985
[5] How to review ASP Code for CSSI Vulnerability, http://support.microsoft.com/default.aspx?scid=kb;EN-US;253119
[6] How to review Visual InterDev Generated Code for CSSI Vulnerability, http://support.microsoft.com/default.aspx?scid=kb;EN-US;253120
[7] HTTP Response Splitting vulnerability in Sun Delegated Administrator, http://www.coresecurity.com/content/sun-delegated-administrator

11. About CoreLabs

CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs.

12. About Core Security Technologies

Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com.

13. Disclaimer

The contents of this advisory are copyright (c) 2009 Core Security Technologies and (c) 2009 CoreLabs, and may be distributed freely provided that no fee is charged for this distribution and proper credit is given.

14. PGP/GPG Keys

This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFKFEWVyNibggitWa0RAqSuAKCRr0zxGIvhYRVD92VLI7W1pJezQwCfVvSO
SNbJmS6GjYkZPyIfI3+JIpw=
=wOZe
-----END PGP SIGNATURE-----

----------------------------------------------------------------------


Various input is not properly sanitised before being returned to users.

SOLUTION: Apply patches.




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200905-0302",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "java system communications express",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "sun",
        "version": "6.3"
      },
      {
        "model": "java system communications express",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sun",
        "version": "6.2"
      },
      {
        "model": "java system communications express",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "6 2005q4 (aka 6.2) and  6.3"
      },
      {
        "model": "java system communications express 2005q4",
        "scope": null,
        "trust": 0.6,
        "vendor": "sun",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34155"
      },
      {
        "db": "BID",
        "id": "34154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006019"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200905-259"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sun:java_system_communications_express:6.3:*:sparc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:java_system_communications_express:6.2:*:sparc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sun:java_system_communications_express:6.3:*:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:java_system_communications_express:6.2:*:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sun:java_system_communications_express:6.3:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:java_system_communications_express:6.2:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1729"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Core Security Technologies",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "77704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200905-259"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2009-1729",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2009-1729",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-1729",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200905-259",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006019"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200905-259"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain. \nThis issue is tracked by Sun Alert ID 258068. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n      Core Security Technologies - CoreLabs Advisory\n           http://www.coresecurity.com/corelabs/\n\n        Multiple XSS in Sun Communications Express\n\n\n1. *Advisory Information*\n\nTitle: Multiple XSS in Sun Communications Express\nAdvisory ID: CORE-2009-0109\nAdvisory URL: http://www.coresecurity.com/content/sun-communications-express\nDate published: 2009-05-20\nDate of last update: 2009-05-20\nVendors contacted: Sun Microsystems\nRelease mode: Coordinated release\n\n\n2. *Vulnerability Information*\n\nClass: Cross site scripting (XSS)\nRemotely Exploitable: Yes\nLocally Exploitable: No\nBugtraq ID: 34154, 34155\nCVE Name: CVE-2009-1729\n\n\n3. \u0027https://\u003cserver\u003e/uwc/abs/search.xml?\u0027\n   2. For example, an attacker could\nexploit a XSS vulnerability to steal user cookies (and then impersonate\nthe legitimate user) or fake a page requesting information to the user\n(i.e. credentials). This vulnerability occurs when user-supplied data is\ndisplayed without encoding. \n\n\n4. *Vulnerable packages*\n\n4.1. *SPARC Platform*\n\n   . \n\n\n4.2. *x86 Platform*\n\n   . \n\n\n4.3. *Linux*\n\n   . \n\n\n5. *Non-vulnerable packages*\n\n   . \n\n\n6. \n\n\n7. 
*Credits*\n\nThese vulnerabilities were discovered by the SCS team from Core Security\nTechnologies. \n\n\n8. *Technical Description / Proof of Concept Code*\n\nCross-Site Scripting (commonly referred to as XSS) attacks are the\nresult of improper encoding or filtering of input obtained from\nuntrusted sources. The injected code then\ntakes advantage of the trust given by the user to the vulnerable site. \nThese attacks are usually targeted at all users of a web application\nrather than at the application itself (although one could say that the\nusers are affected because of a vulnerability of the web application). \nThe term \u0027cross-site scripting\u0027 is also sometimes used in a\nbroader-sense referring to different types of attacks involving script\ninjection into the client. For additional information, please look at\nthe references [2], [3], [4], [5] and [6]. \n\n\n8.1. \nAlthough the affected URL is originally accessed through a POST request,\nthis vulnerability can be exploited both with a GET and with a POST\nrequest. Using the following variables:\n\n/-----------\n\nabperson_displayName\n- -----------/\n\n The contents of the variables previously mentioned are not being\nencoded at the time of using them in HTML output, therefore allowing an\nattacker who controls their content to insert javascript code. 
\n\nThe following code is a proof of concept of this flaw:\n\n/-----------\n\nhttps://\u003cserver\u003e/uwc/abs/search.xml?bookid=e11e46531a8a0\u0026j_encoding=UTF-8\u0026uiaction=quickaddcontact\u0026entryid=\u0026valueseparator=%3B\u0026prefix=abperson_\u0026stopalreadyselected=1\u0026isselchanged=0\u0026idstoadd=\u0026selectedbookid=\u0026type=abperson%2Cgroup\u0026wcfg_groupview=\u0026wcfg_searchmode=\u0026stopsearch=1\u0026expandgroup=\u0026expandselectedgroup=\u0026expandonmissing=\u0026nextview=\u0026bookid=e11e46531a8a0\u0026actionbookid=e11e46531a8a0\u0026searchid=7\u0026filter=entry%2Fdisplayname%3D*\u0026firstentry=0\u0026sortby=%2Bentry%2Fdisplayname\u0026curbookid=e11e46531a8a0\u0026searchelem=0\u0026searchby=contains\u0026searchstring=Search+for\u0026searchbookid=e11e46531a8a0\u0026abperson_givenName=aa\u0026abperson_sn=aa\u0026abperson_piEmail1=a%40a.com\u0026abperson_piEmail1Type=work\u0026abperson_piPhone1=11\u0026abperson_piPhone1Type=work\u0026quickaddprefix=abperson_\u0026abperson_displayName=%3Cscript%3Ealert%28%27xss2%27%29%3C%2Fscript%3E%2C+%3Cscript%3Ealert%28%27xss1%27%29%3C%2Fscript%3E\u0026abperson_entrytype=abperson\u0026abperson_memberOfPIBook=e11e46531a8a0\n- -----------/\n\n\n8.2. *Vulnerability #2 - XSS (BID 34155, CVE-2009-1729)*\n\nCross-site scripting vulnerabilities were found in the following file/url:\n\n/-----------\n\nhttp://\u003cserver\u003e/uwc/base/UWCMain\n- -----------/\n\n The contents of the url are not being encoded at the time of using them\nin HTML output, therefore allowing an attacker who controls their\ncontent to insert javascript code. \n\nThis vulnerability can be exploited through a GET request, and the user\ndoes not need to be logged into the web application. This makes this\ncross-site scripting vulnerability perfect to be used by attackers on\nemail-based attacks. An attacker can send via email a link to a\n\u0027calendar\u0027 and \u0027exploit\u0027 the victim. 
\n\nThe following code is a proof of concept of this flaw:\n\n/-----------\n\nhttp://\u003cserver\u003e/uwc/base/UWCMain?anon=true\u0026calid=test@test.com\u0026caltype=temporaryCalids\u0026date=20081223T143836Z\u0026category=All\u0026viewctx=day\u0026temporaryCalendars=test@test.com%27;alert(%27hello%27);a=%27\n- -----------/\n\n\n9. *Report Timeline*\n\n. 2009-01-09:\nCore Security Technologies notifies Sun Security Coordination Team of\nthe vulnerability, setting the estimated publication date of the\nadvisory to Feb 2nd. Technical details are sent to Communications\nExpress team. 2009-01-09:\nThe vendor acknowledges reception of the report and asks Core to\npostpone publication of the security advisory in order to have enough\ntime to investigate and fix the bugs. Vendor requests GPG key of Core\u0027s\nsecurity Advisories team. 2009-01-12:\nCore agrees to postpone the advisory publication but asks the vendor for\na feedback of their engineering team as soon as possible in order to\ncoordinate the release date of fixes and security advisories. 2009-01-21:\nCore asks the vendor an estimated date for the release of patches and\nfixes. 2009-01-21:\nSun Security Coordination Team notifies Core that the vendor\u0027s\nengineering team is hoping to have patches released sometime near the\nend of February or the beginning of March. The time-frame is tentative\ndue to the vendor\u0027s QA testing process that includes testing of all\npatches which may include fixes to bugs unrelated to those reported by\nCore. 2009-02-06:\nCore re-schedules the advisory publication date to Feb 25th. Updated\ntimeline sent to the vendor requesting confirmation that patches will be\nreleased by then. 2009-02-16:\nThe vendor asks Core to delay the advisory publication until the end of\nMarch, in order to finish a rigorous process of internal testing. 2009-02-16:\nCore re-schedules the advisory publication date to March 30th. 
Core\nindicates that it would appreciate further technical details about the\nflaws from the vendors engineering team. 2009-02-17:\nVendor acknowledges previous email. 2009-03-17:\nCore reminds the vendor that the publication of the advisory is\nscheduled for March 30th. Core also requests updated information about\nthe development and release of fixed versions. 2009-03-23:\nVendor confirms that it is on track to have the fix ready for\npublication at the end of this month, March 30th, and provides a list of\naffected products and versions. 2009-03-24:\nVendor states that there was a confusion on his end, and that patches\nare scheduled to complete testing and to be published on 22nd April\n2009. Vendor requests Core to delay publication of its advisory. 2009-03-25:\nCore confirms that the advisory publication is rescheduled to April 22nd. 2009-04-08:\nSun engineering team informs that they have a fix for other flaw\nreported by Core [7]. This fix is currently undergoing Sun standard\ntesting, and vendor expect to be ready to publish the patch on Monday\n20th April 2009. 2009-04-16:\nSun engineering team confirms they are still planning to release the fix\nfor [7] on 20th April 2009. Core requires an estimated date\nfor the release of patches and fixes. 2009-04-20:\nSun engineering team informs that the issue which affects Communications\nExpress is planned for publication later in the week. The vendor will\nget back to Core with a more final date once they have confirmed the\ndetails. 2009-04-22:\nSun engineering team informs that the fix related to Communications\nExpress is currently undergoing internal testing and they expect to be\nready to publish the fixes and the sun alert on 6th May 2009. 2009-04-29:\nCore re-schedules the advisory publication date to 6th May 2009, asks\nSun for an URL of the corresponding Sun alert and a list of\nnon-vulnerable packages. 
2009-05-05:\nSun engineering team informs that they are experiencing some\ndifficulties related to the final release stages of the fix for this\nbug. The vendor will not be ready to go public with this fix tomorrow. 2009-05-05:\nCore responds that it is possible to postpone the publication of the\nadvisory, but asks Sun engineering team for an estimated date to reach\nthe final release of the fix as soon as possible. 2009-05-08:\nSun engineering team informs they are still experiencing some delays\nwith the final stages of this release process and asks to delay the\npublication of the advisory. 2009-05-18:\nSun engineering team confirms that they have resolved the outstanding\nissues related to this vulnerability and they expect to be ready to\npublish the fixes on Wednesday 20th May. 2009-05-18:\nCore re-schedules the advisory publication date to 20th May. 2009-05-20: The advisory CORE-2009-0109 is published. \n\n\n10. *References*\n\n[1]\nhttp://www.sun.com/software/products/calendar_srvr/comms_express/index.xml\n[2] HTML Code Injection and Cross-Site Scripting\nhttp://www.technicalinfo.net/papers/CSS.html. \n[3] The Cross-Site Scripting FAQ (XSS)\nhttp://www.cgisecurity.com/articles/xss-faq.shtml\n[4] How to prevent Cross-Site Scripting Security Issues\nhttp://support.microsoft.com/default.aspx?scid=KB;en-us;q252985\n[5] How to review ASP Code for CSSI Vulnerability\nhttp://support.microsoft.com/default.aspx?scid=kb;EN-US;253119\n[6] How to review Visual InterDev Generated Code for CSSI Vulnerability\nhttp://support.microsoft.com/default.aspx?scid=kb;EN-US;253120\n[7] HTTP Response Splitting vulnerability in Sun Delegated Administrator\n- - http://www.coresecurity.com/content/sun-delegated-administrator\n\n\n11. *About CoreLabs*\n\nCoreLabs, the research center of Core Security Technologies, is charged\nwith anticipating the future needs and requirements for information\nsecurity technologies. 
We conduct our research in several important\nareas of computer security including system vulnerabilities, cyber\nattack planning and simulation, source code auditing, and cryptography. \nOur results include problem formalization, identification of\nvulnerabilities, novel solutions and prototypes for new technologies. \nCoreLabs regularly publishes security advisories, technical papers,\nproject information and shared software tools for public use at:\nhttp://www.coresecurity.com/corelabs. \n\n\n12. *About Core Security Technologies*\n\nCore Security Technologies develops strategic solutions that help\nsecurity-conscious organizations worldwide develop and maintain a\nproactive process for securing their networks. The company\u0027s flagship\nproduct, CORE IMPACT, is the most comprehensive product for performing\nenterprise security assurance testing. CORE IMPACT evaluates network,\nendpoint and end-user vulnerabilities and identifies what resources are\nexposed. It enables organizations to determine if current security\ninvestments are detecting and preventing attacks. Core Security\nTechnologies augments its leading technology solution with world-class\nsecurity consulting services, including penetration testing and software\nsecurity auditing. Based in Boston, MA and Buenos Aires, Argentina, Core\nSecurity Technologies can be reached at 617-399-6980 or on the Web at\nhttp://www.coresecurity.com. \n\n\n13. *Disclaimer*\n\nThe contents of this advisory are copyright (c) 2009 Core Security\nTechnologies and (c) 2009 CoreLabs, and may be distributed freely\nprovided that no fee is charged for this distribution and proper credit\nis given. \n\n\n14. *PGP/GPG Keys*\n\nThis advisory has been signed with the GPG key of Core Security\nTechnologies advisories team, which is available for download at\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc. 
\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niD8DBQFKFEWVyNibggitWa0RAqSuAKCRr0zxGIvhYRVD92VLI7W1pJezQwCfVvSO\nSNbJmS6GjYkZPyIfI3+JIpw=\n=wOZe\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nVarious input is not properly sanitised before being returned to\nusers. \n\nSOLUTION:\nApply patches. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1729"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006019"
      },
      {
        "db": "BID",
        "id": "34155"
      },
      {
        "db": "BID",
        "id": "34154"
      },
      {
        "db": "PACKETSTORM",
        "id": "77704"
      },
      {
        "db": "PACKETSTORM",
        "id": "77712"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-1729",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "34155",
        "trust": 1.9
      },
      {
        "db": "BID",
        "id": "34154",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "32474",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "54610",
        "trust": 1.6
      },
      {
        "db": "OSVDB",
        "id": "54609",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1389",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1022266",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006019",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "50658",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20090520 CORE-2009-0109 - MULTIPLE XSS IN SUN COMMUNICATIONS EXPRESS",
        "trust": 0.6
      },
      {
        "db": "SUNALERT",
        "id": "258068",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20090520 CORE-2009-0109 - MULTIPLE XSS IN SUN COMMUNICATIONS EXPRESS",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200905-259",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "77704",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "77712",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34155"
      },
      {
        "db": "BID",
        "id": "34154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006019"
      },
      {
        "db": "PACKETSTORM",
        "id": "77704"
      },
      {
        "db": "PACKETSTORM",
        "id": "77712"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200905-259"
      }
    ]
  },
  "id": "VAR-200905-0302",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.17142858
  },
  "last_update_date": "2023-12-18T13:04:41.999000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Sun Alert 258068",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/sun_alert_258068_cross_site"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006019"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006019"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1729"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.coresecurity.com/content/sun-communications-express"
      },
      {
        "trust": 2.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/54609"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/54610"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2009/may/0177.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/32474"
      },
      {
        "trust": 1.6,
        "url": "http://securitytracker.com/alerts/2009/may/1022266.html"
      },
      {
        "trust": 1.6,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/34154"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/34155"
      },
      {
        "trust": 1.6,
        "url": "http://www.vupen.com/english/advisories/2009/1389"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/503675/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50658"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1729"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1729"
      },
      {
        "trust": 0.7,
        "url": "http://www.sun.com/software/products/calendar_srvr/comms_express/index.xml"
      },
      {
        "trust": 0.6,
        "url": "/archive/1/503675"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/503675/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/50658"
      },
      {
        "trust": 0.1,
        "url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;253120"
      },
      {
        "trust": 0.1,
        "url": "https://\u003cserver\u003e/uwc/abs/search.xml?"
      },
      {
        "trust": 0.1,
        "url": "http://www.coresecurity.com."
      },
      {
        "trust": 0.1,
        "url": "https://\u003cserver\u003e/uwc/abs/search.xml?\u0027"
      },
      {
        "trust": 0.1,
        "url": "http://www.technicalinfo.net/papers/css.html."
      },
      {
        "trust": 0.1,
        "url": "http://enigmail.mozdev.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.coresecurity.com/corelabs."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1729"
      },
      {
        "trust": 0.1,
        "url": "https://\u003cserver\u003e/uwc/abs/search.xml?bookid=e11e46531a8a0\u0026j_encoding=utf-8\u0026uiaction=quickaddcontact\u0026entryid=\u0026valueseparator=%3b\u0026prefix=abperson_\u0026stopalreadyselected=1\u0026isselchanged=0\u0026idstoadd=\u0026selectedbookid=\u0026type=abperson%2cgroup\u0026wcfg_groupview=\u0026wcfg_searchmode=\u0026stopsearch=1\u0026expandgroup=\u0026expandselectedgroup=\u0026expandonmissing=\u0026nextview=\u0026bookid=e11e46531a8a0\u0026actionbookid=e11e46531a8a0\u0026searchid=7\u0026filter=entry%2fdisplayname%3d*\u0026firstentry=0\u0026sortby=%2bentry%2fdisplayname\u0026curbookid=e11e46531a8a0\u0026searchelem=0\u0026searchby=contains\u0026searchstring=search+for\u0026searchbookid=e11e46531a8a0\u0026abperson_givenname=aa\u0026abperson_sn=aa\u0026abperson_piemail1=a%40a.com\u0026abperson_piemail1type=work\u0026abperson_piphone1=11\u0026abperson_piphone1type=work\u0026quickaddprefix=abperson_\u0026abperson_displayname=%3cscript%3ealert%28%27xss2%27%29%3c%2fscript%3e%2c+%3cscript%3ealert%28%27xss1%27%29%3c%2fscript%3e\u0026abperson_entrytype=abperson\u0026abperson_memberofpibook=e11e46531a8a0"
      },
      {
        "trust": 0.1,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258068-1."
      },
      {
        "trust": 0.1,
        "url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;253119"
      },
      {
        "trust": 0.1,
        "url": "http://www.cgisecurity.com/articles/xss-faq.shtml"
      },
      {
        "trust": 0.1,
        "url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc."
      },
      {
        "trust": 0.1,
        "url": "http://www.coresecurity.com/corelabs/"
      },
      {
        "trust": 0.1,
        "url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;q252985"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cserver\u003e/uwc/base/uwcmain?anon=true\u0026calid=test@test.com\u0026caltype=temporarycalids\u0026date=20081223t143836z\u0026category=all\u0026viewctx=day\u0026temporarycalendars=test@test.com%27;alert(%27hello%27);a=%27"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cserver\u003e/uwc/base/uwcmain\u0027"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cserver\u003e/uwc/base/uwcmain"
      },
      {
        "trust": 0.1,
        "url": "http://www.coresecurity.com/content/sun-delegated-administrator"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/32474/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34155"
      },
      {
        "db": "BID",
        "id": "34154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006019"
      },
      {
        "db": "PACKETSTORM",
        "id": "77704"
      },
      {
        "db": "PACKETSTORM",
        "id": "77712"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200905-259"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "34155"
      },
      {
        "db": "BID",
        "id": "34154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006019"
      },
      {
        "db": "PACKETSTORM",
        "id": "77704"
      },
      {
        "db": "PACKETSTORM",
        "id": "77712"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200905-259"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-05-20T00:00:00",
        "db": "BID",
        "id": "34155"
      },
      {
        "date": "2009-05-20T00:00:00",
        "db": "BID",
        "id": "34154"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-006019"
      },
      {
        "date": "2009-05-21T06:23:41",
        "db": "PACKETSTORM",
        "id": "77704"
      },
      {
        "date": "2009-05-21T15:31:41",
        "db": "PACKETSTORM",
        "id": "77712"
      },
      {
        "date": "2009-05-21T14:30:00.483000",
        "db": "NVD",
        "id": "CVE-2009-1729"
      },
      {
        "date": "2009-05-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200905-259"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-05-21T16:20:00",
        "db": "BID",
        "id": "34155"
      },
      {
        "date": "2009-05-21T16:20:00",
        "db": "BID",
        "id": "34154"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-006019"
      },
      {
        "date": "2018-10-10T19:38:13.193000",
        "db": "NVD",
        "id": "CVE-2009-1729"
      },
      {
        "date": "2009-06-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200905-259"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "34155"
      },
      {
        "db": "BID",
        "id": "34154"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sun Java System Communications Express Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006019"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "77704"
      },
      {
        "db": "PACKETSTORM",
        "id": "77712"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200905-259"
      }
    ],
    "trust": 0.8
  }
}

