jvndb-2009-000027
Vulnerability from jvndb
Published
2009-05-13 15:37
Modified
2009-05-13 15:37
Severity ?
() - -
Summary
Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting
Details
Sun GlassFish Enterprise Server and Sun Java System Application Server from Sun Microsystems contain a cross-site scripting vulnerability. Sun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server and Sun Java System Application Server contain a cross-site scripting vulnerability. According to the vendor, Sun Java System Application Server is currently distributed as the open sourced Sun GlassFish Enterprise Server. Users of the Sun Java System Application Server can obtain support only if they have a support contract. For more information, refer to the vendor's website. Please note that Sun Java System Application Server 8.x and 9.0 are not affected by this vulnerability. For more information, refer to the vendor's website. Project VEX of UBsecure, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html",
  "dc:date": "2009-05-13T15:37+09:00",
  "dcterms:issued": "2009-05-13T15:37+09:00",
  "dcterms:modified": "2009-05-13T15:37+09:00",
  "description": "Sun GlassFish Enterprise Server and Sun Java System Application Server from Sun Microsystems contain a cross-site scripting vulnerability.\r\n\r\nSun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server and Sun Java System Application Server contain a cross-site scripting vulnerability.\r\n\r\nAccording to the vendor, Sun Java System Application Server is currently distributed as the open sourced Sun GlassFish Enterprise Server. Users of the Sun Java System Application Server can obtain support only if they have a support contract. For more information, refer to the vendor\u0027s website.\r\n\r\nPlease note that Sun Java System Application Server 8.x and 9.0 are not affected by this vulnerability. For more information, refer to the vendor\u0027s website. \r\n\r\nProject VEX of UBsecure, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sun:glassfish_enterprise_server",
      "@product": "Sun GlassFish Enterprise Server",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sun:java_system_application_server",
      "@product": "Sun Java System Application Server",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-000027",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN73653977/index.html",
      "@id": "JVN#73653977",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1553",
      "@id": "CVE-2009-1553",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1553",
      "@id": "CVE-2009-1553",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/34824",
      "@id": "34824",
      "@source": "BID"
    },
    {
      "#text": "http://www.vupen.com/english/advisories/2009/1255",
      "@id": "VUPEN/ADV-2009-1255",
      "@source": "VUPEN"
    },
    {
      "#text": "http://osvdb.org/54257",
      "@id": "54257",
      "@source": "OSVDB"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.