Lucene search

[email protected]CVE-2008-1204

HistoryMar 08, 2008 - 12:44 a.m.

CVE-2008-1204

2008-03-0800:44:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-1204

cross-site scripting

xss

sun java system access manager

administration console

remote attack

web script injection

html injection

vulnerability

nvd

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.

CPENameOperatorVersion
sun:java_system_access_managersun java system access managereq7.1
sun:java_system_access_managersun java system access managereq7.0_2005q4
sun:java_system_access_managersun java system access managereq7.0

CPE	Name	Operator	Version
sun:java_system_access_manager	sun java system access manager	eq	7.1
sun:java_system_access_manager	sun java system access manager	eq	7.0_2005q4
sun:java_system_access_manager	sun java system access manager	eq	7.0

References

secunia.com/advisories/29252

sunsolve.sun.com/search/document.do?assetkey=1-26-201251-1

www.securityfocus.com/bid/28113

www.vupen.com/english/advisories/2008/0784

exchange.xforce.ibmcloud.com/vulnerabilities/41024

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.9%

JSON

Related for CVE-2008-1204

cvelist1 prion1