Lucene search

[email protected]CVE-2009-1553

HistoryMay 06, 2009 - 4:30 p.m.

CVE-2009-1553

2009-05-0616:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-1553

admin console

xss vulnerabilities

sun glassfish enterprise server 2.1

cross-site scripting

nvd

security advisory

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.017 Low

EPSS

Percentile

87.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf.

CPENameOperatorVersion
oracle:glassfish_serveroracle glassfish servereq2.1

CPE	Name	Operator	Version
oracle:glassfish_server	oracle glassfish server	eq	2.1

References

dsecrg.com/pages/vul/show.php?id=134

jvn.jp/en/jp/JVN73653977/index.html

jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html

osvdb.org/54249

osvdb.org/54250

osvdb.org/54251

osvdb.org/54252

osvdb.org/54253

osvdb.org/54254

osvdb.org/54255

osvdb.org/54256

osvdb.org/54257

sunsolve.sun.com/search/document.do?assetkey=1-26-258528-1

www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html

www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html

www.securityfocus.com/archive/1/503236/100/0/threaded

www.securityfocus.com/bid/34824

www.securityfocus.com/bid/34914

www.vupen.com/english/advisories/2009/1255

exchange.xforce.ibmcloud.com/vulnerabilities/50453

glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29668

glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29669

glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29675

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.017 Low

EPSS

Percentile

87.8%

JSON

Related for CVE-2009-1553

openvas2 cvelist1 ubuntucve1 prion1