CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
87.2%
A cross-site scripting vulnerability in Sun ONE and Sun Java System Applications may allow an attacker to read or modify data in web pages and cookies.
From Sun Alert Notification 102164:
_A Cross Site Scripting (XSS) vulnerability in various releases of the Sun Java System Web Server and Sun Java System Application Server may allow an unprivileged local or remote user to steal cookie information, hijack sessions, or cause a loss of data privacy between a client and the server._Vulnerable web servers do not adequately validate the contents of the HTTP REFERER header before using the contents in the default error page.
Sun states that the following products can be affected:
* Sun ONE Web Server 6.0 Service Pack 9 and earlier
* Sun Java System Web Server 6.1 Service Pack 4 and earlier
* Sun ONE Application Server 7 Platform Edition Update 6 and earlier
* Sun ONE Application Server 7 Standard Edition Update 6 and earlier
* Sun Java System Application Server 7 2004Q2 Standard Edition Update 2 and earlier
* Sun Java System Application Server 7 2004Q2 Enterprise Edition Update 2 and earlier
By convincing a user to visit a web page, an attacker could read or modify the contents of web pages on a vulnerable web server. The attacker could read sensitive information, steal cookies, or modify the contents of a web page.
Apply an update
Please see Sun Alert Notification 102164 for information about updated software.
Change default error page
Change the default error page to not include the contents of the REFERER header. Red Hat has kindly provided instructions for changing the default error page on Netscape Enterprise Server 6.0.
114956
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: March 08, 2005 Updated: August 10, 2006
Affected
Vendor Statement: Red Hat, Inc.
Netscape Enterprise Server 6.0 is vulnerable to this issue. A work around
that completely blocks this issue is available below. Please note that
Netscape Enterprise Server 6.0 is discontinued and Red Hat will not be
releasing software updates for this issue.
Workaround: Set a default error message for “Not Found” that does not
include a link to the referring page. To configure such a message, follow
these steps:
- Log into admin server
- Select an instance to manage
- Select Class Manager in the upper-right
- Select the Content Management tab
- Select Error Responses link in left frame
- You need to define a Custom Error Response for Error code: Not found.
- Add the entire path to a file under File, or redirect the user
elsewhere. See the Help button for more information.
- Save, then Apply to restart the server
Alternatively, manually add an error response, such as the following, to
obj.conf:
Error fn=“send-error” reason=“Not Found”
path=“/path/to/docs/errors/notfound.html”
The content that Netscape Enterprise Server would send without the
referring site is:
<HEAD><META HTTP-EQUIV="Content-Type"
CONTENT="text/html;charset=ISO-8859-1"><TITLE>Not Found</TITLE></HEAD>
<H1>Not Found</H1> The requested object does not exist on this server. The
link you followed is either outdated, inaccurate, or the server has
been instructed not to let you have it.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23114956 Feedback>).
Notified: March 08, 2005 Updated: August 10, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Sun Alert Notification 102164.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23114956 Feedback>).
Notified: March 08, 2005 Updated: August 10, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Sun ONE, Netscape Enterprise Server, and Netscape iPlanet are (or were) related.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23114956 Feedback>).
Notified: March 08, 2005 Updated: August 10, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Some Novell web server products are or were related to Netscape web servers.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23114956 Feedback>).
Group | Score | Vector |
---|---|---|
Base | N/A | N/A |
Temporal | N/A | N/A |
Environmental | N/A |
Thanks to JPCERT/CC and IPA for reporting this vulnerability.
This document was written by Katie Washok and Art Manion.
CVE IDs: | CVE-2006-2501 |
---|---|
Severity Metric: | 14.50 Date Public: |