Vulnerability details
Sun JavaDoc Tool cross-site scripting vulnerability
- CNNVD ID: CNNVD-200706-545
- Severity: Medium
- CVE ID: CVE-2007-3503
- Vulnerability type: cross-site scripting
- Published: 2007-06-29
- Threat type: remote
- Updated: 2007-07-02
- Vendor: sun
- Source: The vendor disclos...
Summary
The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 generates HTML documentation pages that contain a cross-site scripting vulnerability; remote attackers can inject arbitrary web script or HTML via unspecified vectors. Because the flaw lives in the generated output rather than only in the tool, documentation already published with an affected Javadoc remains vulnerable until it is regenerated with a fixed release.
Advisory
The vendor has released updates that fix this issue; download links:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/extra/jdk-6/jdk-6u2-i586-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/jre-6u2-i586-1.tgz
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125139-01-1
ftp://anonymous:dev2dev%[email protected]/pub/releases/security/jrockit-jdk1.5.0_11-linux_ia32.tar.gz
ftp://anonymous:dev2dev%[email protected]/pub/releases/security/jrockit-jdk1.5.0_11-linux_ia64.tar.gz
ftp://anonymous:dev2dev%[email protected]/pub/releases/security/jrockit-jdk1.5.0_11-linux_x86_64.tar.gz
ftp://anonymous:dev2dev%[email protected]/pub/releases/security/jrockit-jdk1.5.0_11-solaris_sparcv9.tar.gz
ftp://anonymous:dev2dev%[email protected]/pub/releases/security/jrockit-jdk1.6.0_01-linux_ia32.tar.gz
ftp://anonymous:dev2dev%[email protected]/pub/releases/security/jrockit-jdk1.6.0_01-linux_x86_64.tar.gz
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16540&cat=1&platform=osx&method=sa/JavaForMacOSX10.4Release6.dmg
References
Source: SUNALERT
Name: 102958
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1
Source: XF
Name: sun-jdk-javadoc-xss(35168)
Link: http://xforce.iss.net/xforce/xfdb/35168
Source: SECTRACK
Name: 1018327
Link: http://www.securitytracker.com/id?1018327
Source: BID
Name: 24690
Link: http://www.securityfocus.com/bid/24690
Source: REDHAT
Name: RHSA-2007:0956
Link: http://www.redhat.com/support/errata/RHSA-2007-0956.html
Source: REDHAT
Name: RHSA-2007:0829
Link: http://www.redhat.com/support/errata/RHSA-2007-0829.html
Source: REDHAT
Name: RHSA-2007:0818
Link: http://www.redhat.com/support/errata/RHSA-2007-0818.html
Source: GENTOO
Name: GLSA-200709-15
Link: http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml
Source: VUPEN
Name: ADV-2007-4224
Link: http://www.frsirt.com/english/advisories/2007/4224
Source: VUPEN
Name: ADV-2007-3009
Link: http://www.frsirt.com/english/advisories/2007/3009
Source: VUPEN
Name: ADV-2007-2383
Link: http://www.frsirt.com/english/advisories/2007/2383
Source: SECUNIA
Name: 28115
Link: http://secunia.com/advisories/28115
Source: SECUNIA
Name: 27203
Link: http://secunia.com/advisories/27203
Source: SECUNIA
Name: 26933
Link: http://secunia.com/advisories/26933
Source: SECUNIA
Name: 26645
Link: http://secunia.com/advisories/26645
Source: SECUNIA
Name: 26631
Link: http://secunia.com/advisories/26631
Source: SECUNIA
Name: 26369
Link: http://secunia.com/advisories/26369
Source: SECUNIA
Name: 26314
Link: http://secunia.com/advisories/26314
Source: SECUNIA
Name: 25769
Link: http://secunia.com/advisories/25769
Source: APPLE
Name: APPLE-SA-2007-12-14
Link: http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
Source: MISC
Link: http://docs.info.apple.com/article.html?artnum=307177
Source: BEA
Name: BEA07-177.00
Link: http://dev2dev.bea.com/pub/advisory/248
Affected entities
- Sun Jdk:1.6.0
- Sun Jdk:1.5.0:Update11
- Oracle Jdk:1.6.0
- Oracle Jdk:1.5.0:Update11
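A quick way to triage installed JDKs against the affected-entity list above. This is an added example, not code from Sun/Oracle or from the CNNVD record: it parses the version line printed by `java -version` (and by `javadoc -J-version`, which passes the flag to the JVM) and flags the builds this page names. The rules encode exactly what the page supports and no more: 1.6.0 builds before Update 2 are treated as affected because the page points to jdk-6u2 as the fix (that "update < 2" reading is an assumption drawn from the patch file name), and 1.5.0 is flagged only for Update 11, the single 1.5.0 build listed here. The sample outputs are constructed for the example; a build that returns False here should still be checked against the Sun alert before it is called clean.

```python
import re
import subprocess

# Affected releases as listed on this page: Sun/Oracle JDK 1.6.0 (fixed in 6u2,
# going by the jdk-6u2 patch file name) and JDK 1.5.0 Update 11.
# ASSUMPTION: "1.6.0 with update number < 2" is inferred from the 6u2 fix name;
# the 1.5.0 rule deliberately covers only Update 11, the one build the page names.
AFFECTED = {
    "1.6.0": lambda update: update < 2,
    "1.5.0": lambda update: update == 11,
}

# Matches JDK 5/6 version strings such as 1.6.0_01, 1.5.0_11 or a bare 1.6.0
# (no update suffix is treated as update 0). Trailing build tags like -b06 are ignored.
_VERSION_RE = re.compile(r'\b(1\.[56]\.0)(?:_(\d+))?(?:-\S*)?')


def parse_java_version(text):
    """Extract (release, update) from `java -version` output.

    'java version "1.6.0_01"' -> ("1.6.0", 1). Returns None when no JDK 5/6
    style version string is present (e.g. a JDK 7 or later banner).
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    update = int(m.group(2)) if m.group(2) else 0
    return m.group(1), update


def is_affected(text):
    """True if the version banner in `text` matches a build this page lists as affected."""
    parsed = parse_java_version(text)
    if parsed is None:
        return False
    release, update = parsed
    rule = AFFECTED.get(release)
    return bool(rule and rule(update))


def check_installed(cmd=("java", "-version")):
    """Run the given command and classify the JDK it reports.

    `java -version` prints its banner on stderr, so both streams are captured.
    Returns (banner_text, affected_flag); raises if the command is not found.
    """
    proc = subprocess.run(cmd, capture_output=True, text=True, check=False)
    banner = proc.stderr + proc.stdout
    return banner, is_affected(banner)


# Constructed sample banners (not captured from real systems) in the format
# `java -version` uses, to exercise the rules offline.
SAMPLE_OUTPUTS = {
    "jdk6u1": 'java version "1.6.0_01"\nJava(TM) SE Runtime Environment (build 1.6.0_01)\n',
    "jdk6u2": 'java version "1.6.0_02"\nJava(TM) SE Runtime Environment (build 1.6.0_02)\n',
    "jdk5u11": 'java version "1.5.0_11"\nJava(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11)\n',
    "jdk7": 'java version "1.7.0_45"\nJava(TM) SE Runtime Environment (build 1.7.0_45)\n',
}

if __name__ == "__main__":
    for name, banner in SAMPLE_OUTPUTS.items():
        status = "AFFECTED" if is_affected(banner) else "not listed"
        print(f"{name:8s} {banner.splitlines()[0]:32s} {status}")
```

Run it against a real host with `check_installed()` or `check_installed(("javadoc", "-J-version"))`; the javadoc form matters where the documentation build uses a different JDK than the default `java` on the PATH.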
Patch
None at present