662 matches found
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Information Disclosure Vulnerability
iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides ASP (Active Server Pages) functionality to a web server. More information is...
DSquare Exploit Pack: D2SEC_SUNASP1
Name| d2secsunasp1
---|---
CVE| CVE-2008-2402
Exploit Pack| D2ExploitPack
Description| Sun Java System Active Server Pages Information Disclosure
Notes|...
DSquare Exploit Pack: D2SEC_SUNASP2
Name| d2secsunasp2
---|---
CVE| CVE-2008-2403
Exploit Pack| D2ExploitPack
Description| Sun Java System Active Server Pages Directory Traversal
Notes|...
CVE-2008-2518
CVE-2008-2518 is an XSS vulnerability in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3, affecting the advanced search (webapps/search/advanced.jsp). The underlying issue is an HTML/script injection via unspecified vectors (likely related to the next parameter). Exploitation de...
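Sun Java System Web Server Advanced Search Mechanism Cross-Site Scripting Vulnerability
BUGTRAQ ID: 29355 Sun Java System Web Server is a high-performance web server. The advanced search mechanism of Sun Java System Web Server does not properly filter certain user input. A remote unprivileged user can carry out a cross-site scripting attack by submitting a malicious search request, causing arbitrary JavaScript to execute in the user's client-side web browser, which may allow the remote user to steal cookie information, hijack sessions, or cause a loss of data confidentiality. Sun Java System Web Server 7.0 Update 2 Sun Java System Web Server 7.0 Update 1 Sun Java System Web Server 7...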
Sun Java System Web Server cross-site scripting vulnerability
Overview Sun Java System Web Server (originally called Sun ONE Web Server) contains a cross-site scripting vulnerability. A vulnerable web server does not adequately validate the HTTP REFERER header before using the contents in the default error page. Impact A malicious script may be executed on th...
CVE-2008-2166
Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp...
CVE-2008-2166
CVE-2008-2166 affects Sun Java System Web Server 6.1 (pre-SP9) and 7.0 (pre-Update 2). The issue is a cross-site scripting vulnerability in the Search module (index.jsp) caused by insufficient input sanitization, enabling remote injection of arbitrary script/HTML. The connected documents provide ...
CVE-2008-2120
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors...
Code injection
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors...
CVE-2008-2120
CVE-2008-2120 is an information-disclosure vulnerability in Sun Java System Application Server 7 (2004Q2) before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 that allows remote attackers to obtain the source code of JSP files via unknown vectors. Affected components are...
Sun Java System Directory Server bind-dn Remote Privilege Escalation
The version of Sun Java System Directory Proxy Server running on the remote host is affected by an unauthorized access vulnerability. Specifically, the server fails to properly classify connections in relation to 'binddn' parameter. Successful exploitation of this issue might allow an unprivilege...
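Sun Java System Directory Proxy Server Remote Unauthorized Access Vulnerability
BUGTRAQ ID: 28941 Sun Java System Directory Server is a component of the Java Enterprise System that provides a user-management infrastructure for enterprises managing large amounts of user information. Sun Java System Directory Proxy Server incorrectly classifies connections based on the bind-dn criteria, causing the wrong policy to be applied. Successful exploitation of this vulnerability may allow a remote unprivileged user to gain unauthorized administrative access to the server. Sun Java System Directory Server 6.2 Sun Java System Directory Server 6.1 Sun Java System Directory Server 6.0 Sun ---...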
CVE-2008-1995
Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server...
Sun Java System Messenger Express 6.1-13-15 - sid Cross-Site Scripting
Sun Java System Messenger Express 6.1-13-15 - sid Cross-Site Scripting source: https://www.securityfocus.com/bid/28649/info Sun Java System Messenger Express is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may...
CVE-2008-1204
Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows...
CVE-2008-1204
CVE-2008-1204: XSS vulnerabilities in the Administration Console of Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script/HTML via unspecified vectors in the Help and Version windows. The NVD entry lists a base CVSS v2 score of 4.3 (Network attack v...
Solaris 5.10 (sparc) : 126356-03
Sun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Jun/19/09 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. (C) Tenable Network Security, Inc. if !...