JVN#89292430 Cross-site scripting in Sun Java System Web Server and Sun Java System Web Proxy Server

2007-12-21T00:00:00
ID JVN:89292430
Type jvn
Reporter Japan Vulnerability Notes
Modified 2008-05-21T00:00:00

Description

## Description

Sun Java System Web Server and Sun Java System Web Proxy Server, which are both web servers, provide a function for a user to view access logs and other records in a web browser. This function is vulnerable to cross-site scripting.

## Impact

An arbitrary script can be executed on the user's web browser.

## Solution

Update the Software
Apply the latest update provided by the vendor.

## Products Affected

  • Sun Java System Web Server 6.1 SP7 and earlier
  • Sun Java System Web Server 7.0
  • Sun Java System Web Proxy Server 3.6 SP 10 and earlier