Lucene search

K

MitreCVELIST:CVE-2009-1554

HistoryMay 06, 2009 - 4:00 p.m.

CVE-2009-1554

2009-05-0616:00:00

mitre

www.cve.org

4

AI Score

5.6

Confidence

High

EPSS

0.008

Percentile

81.3%

Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF.

References

dsecrg.com/pages/vul/show.php?id=138

osvdb.org/54220

secunia.com/advisories/35006

www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html

www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html

www.securityfocus.com/archive/1/503239/100/0/threaded

www.securityfocus.com/bid/34829

exchange.xforce.ibmcloud.com/vulnerabilities/50336

woodstock.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=4041

AI Score

5.6

Confidence

High

EPSS

0.008

Percentile

81.3%

Related for CVELIST:CVE-2009-1554

veracode1 prion1 nessus1 nvd1 cve1 exploitdb1