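Vulnerability details
Sun Java System Web Server Search Module 'index.jsp' Cross-Site Scripting Vulnerability
- CNNVD ID: CNNVD-200805-121
- Severity: Medium
- CVE ID: CVE-2008-2166
- Vulnerability type: Cross-site scripting
- Published: 2008-05-13
- Threat type: Remote
- Updated: 2009-04-01
- Vendor: sun
- Vulnerability source: The vendor reporte...
Vulnerability summary
The search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 contains a cross-site scripting vulnerability. Remote attackers can inject arbitrary web script or HTML via unspecified parameters in index.jsp.
Vulnerability advisory
The vendor has released upgrade patches to fix this security issue. Patch download links: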
Sun Java System Web Server 7.0
Sun 125437-13
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125437-13-1
Sun 125438-13
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125438-13-1
Sun 125439-11
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125439-11-1
Sun 125440-11
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125440-11-1
Sun 125441-12
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125441-12-1
Sun Java System Web Server 7.0 Update 1
Sun 125437-13
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125437-13-1
Sun 125438-13
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125438-13-1
Sun 125439-11
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125439-11-1
Sun 125440-11
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125440-11-1
Sun 125441-12
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125441-12-1
Sun Java System Web Server 6.1 SP4
Sun 116648-21
http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-21-1
Sun 116649-21
http://sunsolve.sun.com/search/document.do?assetkey=1-21-116649-21-1
Sun 118202-13
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118202-13-1
Sun 121510-05
http://sunsolve.sun.com/search/document.do?assetkey=1-21-121510-05-1
Sun 121524-05
http://sunsolve.sun.com/search/document.do?assetkey=1-21-121524-05-1
Sun Java System Web Server 6.1 SP5
Sun 116648-21
http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-21-1
Sun 116649-21
http://sunsolve.sun.com/search/document.do?assetkey=1-21-116649-21-1
Sun 118202-13
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118202-13-1
Sun 121510-05
http://sunsolve.sun.com/search/document.do?assetkey=1-21-121510-05-1
Sun 121524-05
http://sunsolve.sun.com/search/document.do?assetkey=1-21-121524-05-1
Sun Java System Web Server 6.1 SP7
Sun 116648-21
http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-21-1
Sun 116649-21
http://sunsolve.sun.com/search/document.do?assetkey=1-21-116649-21-1
Sun 118202-13
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118202-13-1
Sun 121510-05
http://sunsolve.sun.com/search/document.do?assetkey=1-21-121510-05-1
Sun 121524-05
http://sunsolve.sun.com/search/document.do?assetkey=1-21-121524-05-1
Sun Java System Web Server 6.1 SP1
Sun 116648-21
http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-21-1
Sun 116649-21
http://sunsolve.sun.com/search/document.do?assetkey=1-21-116649-21-1
Sun 118202-13
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118202-13-1
Sun 121510-05
http://sunsolve.sun.com/search/document.do?assetkey=1-21-121510-05-1
Sun 121524-05
http://sunsolve.sun.com/search/document.do?assetkey=1-21-121524-05-1
Sun Java System Web Server 6.1 SP6
Sun 116648-21
http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-21-1
Sun 116649-21
http://sunsolve.sun.com/search/document.do?assetkey=1-21-116649-21-1
Sun 118202-13
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118202-13-1
Sun 121510-05
http://sunsolve.sun.com/search/document.do?assetkey=1-21-121510-05-1
Sun 121524-05
http://sunsolve.sun.com/search/document.do?assetkey=1-21-121524-05-1
Sun Java System Web Server 6.1
Sun 116648-21
http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-21-1
Sun 116649-21
http://sunsolve.sun.com/search/document.do?assetkey=1-21-116649-21-1
Sun 118202-13
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118202-13-1
Sun 121510-05
http://sunsolve.sun.com/search/document.do?assetkey=1-21-121510-05-1
Sun 121524-05
http://sunsolve.sun.com/search/document.do?assetkey=1-21-121524-05-1
Sun Java System Web Server 6.1 SP3
Sun 116648-21
http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-21-1
Sun 116649-21
http://sunsolve.sun.com/search/document.do?assetkey=1-21-116649-21-1
Sun 118202-13
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118202-13-1
Sun 121510-05
http://sunsolve.sun.com/search/document.do?assetkey=1-21-121510-0
References
Source: SECTRACK
Name: 1019987
Link: http://www.securitytracker.com/id?1019987
Source: BID
Name: 29087
Link: http://www.securityfocus.com/bid/29087
Source: SUNALERT
Name: 231467
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-231467-1
Source: XF
Name: javasystem-search-xss(42263)
Link: http://xforce.iss.net/xforce/xfdb/42263
Source: VUPEN
Name: ADV-2008-1455
Link: http://www.frsirt.com/english/advisories/2008/1455/references
Source: SECUNIA
Name: 30133
Link: http://secunia.com/advisories/30133
Affected entities
- Sun Java_system_web_server:6.1:Aix
- Sun Java_system_web_server:6.1:Hp_ux
- Sun Java_system_web_server:6.1:Linux
- Sun Java_system_web_server:6.1:Sparc
- Sun Java_system_web_server:6.1:Windows
Patches
None available