Sun Java System Web Server Search Module 'index.jsp' 跨站脚本攻击漏洞

admin

0
文章

0
评论

2022-07-19 12:13:50 CNNVD漏洞来源：ZONE.CI 全球网 0 阅读模式

漏洞信息详情

Sun Java System Web Server Search Module 'index.jsp' 跨站脚本攻击漏洞

CNNVD编号：CNNVD-200805-121
危害等级：中危
CVE编号： CVE-2008-2166
漏洞类型：跨站脚本
发布时间： 2008-05-13
威胁类型：远程
更新时间： 2009-04-01
厂商： sun
漏洞来源： The vendor reporte...

漏洞简介

Sun Java System Web Server SP9之前的6.1版本以及Update 2之前的7.0版本中的搜索模块存在跨站脚本攻击漏洞。远程攻击者可以借助index.jsp中的未知参数，注入任意的web脚本或HTML。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Sun Java System Web Server 7.0

Sun 125437-13

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125437-13-1

Sun 125438-13

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125438-13-1

Sun 125439-11

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125439-11-1

Sun 125440-11

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125440-11-1

Sun 125441-12

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125441-12-1

Sun Java System Web Server 7.0 Update 1

Sun 125437-13

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125437-13-1

Sun 125438-13

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125438-13-1

Sun 125439-11

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125439-11-1

Sun 125440-11

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125440-11-1

Sun 125441-12

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125441-12-1

Sun Java System Web Server 6.1 SP4

Sun 116648-21

http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-21-1

Sun 116649-21

http://sunsolve.sun.com/search/document.do?assetkey=1-21-116649-21-1

Sun 118202-13

http://sunsolve.sun.com/search/document.do?assetkey=1-21-118202-13-1

Sun 121510-05

http://sunsolve.sun.com/search/document.do?assetkey=1-21-121510-05-1

Sun 121524-05

http://sunsolve.sun.com/search/document.do?assetkey=1-21-121524-05-1

Sun Java System Web Server 6.1 SP5

Sun 116648-21

http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-21-1

Sun 116649-21

http://sunsolve.sun.com/search/document.do?assetkey=1-21-116649-21-1

Sun 118202-13

http://sunsolve.sun.com/search/document.do?assetkey=1-21-118202-13-1

Sun 121510-05

http://sunsolve.sun.com/search/document.do?assetkey=1-21-121510-05-1

Sun 121524-05

http://sunsolve.sun.com/search/document.do?assetkey=1-21-121524-05-1

Sun Java System Web Server 6.1 SP7

Sun 116648-21

http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-21-1

Sun 116649-21

http://sunsolve.sun.com/search/document.do?assetkey=1-21-116649-21-1

Sun 118202-13

http://sunsolve.sun.com/search/document.do?assetkey=1-21-118202-13-1

Sun 121510-05

http://sunsolve.sun.com/search/document.do?assetkey=1-21-121510-05-1

Sun 121524-05

http://sunsolve.sun.com/search/document.do?assetkey=1-21-121524-05-1

Sun Java System Web Server 6.1 SP1

Sun 116648-21

http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-21-1

Sun 116649-21

http://sunsolve.sun.com/search/document.do?assetkey=1-21-116649-21-1

Sun 118202-13

http://sunsolve.sun.com/search/document.do?assetkey=1-21-118202-13-1

Sun 121510-05

http://sunsolve.sun.com/search/document.do?assetkey=1-21-121510-05-1

Sun 121524-05

http://sunsolve.sun.com/search/document.do?assetkey=1-21-121524-05-1

Sun Java System Web Server 6.1 SP6

Sun 116648-21

http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-21-1

Sun 116649-21

http://sunsolve.sun.com/search/document.do?assetkey=1-21-116649-21-1

Sun 118202-13

http://sunsolve.sun.com/search/document.do?assetkey=1-21-118202-13-1

Sun 121510-05

http://sunsolve.sun.com/search/document.do?assetkey=1-21-121510-05-1

Sun 121524-05

http://sunsolve.sun.com/search/document.do?assetkey=1-21-121524-05-1

Sun Java System Web Server 6.1

Sun 116648-21

http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-21-1

Sun 116649-21

http://sunsolve.sun.com/search/document.do?assetkey=1-21-116649-21-1

Sun 118202-13

http://sunsolve.sun.com/search/document.do?assetkey=1-21-118202-13-1

Sun 121510-05

http://sunsolve.sun.com/search/document.do?assetkey=1-21-121510-05-1

Sun 121524-05

http://sunsolve.sun.com/search/document.do?assetkey=1-21-121524-05-1

Sun Java System Web Server 6.1 SP3

Sun 116648-21

http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-21-1

Sun 116649-21

http://sunsolve.sun.com/search/document.do?assetkey=1-21-116649-21-1

Sun 118202-13

http://sunsolve.sun.com/search/document.do?assetkey=1-21-118202-13-1

Sun 121510-05

http://sunsolve.sun.com/search/document.do?assetkey=1-21-121510-0

参考网址

来源: SECTRACK

名称: 1019987

链接:http://www.securitytracker.com/id?1019987

来源: BID

名称: 29087

链接:http://www.securityfocus.com/bid/29087

来源: SUNALERT

名称: 231467

链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-231467-1

来源: XF

名称: javasystem-search-xss(42263)

链接:http://xforce.iss.net/xforce/xfdb/42263

来源: VUPEN

名称: ADV-2008-1455

链接:http://www.frsirt.com/english/advisories/2008/1455/references

来源: SECUNIA

名称: 30133

链接:http://secunia.com/advisories/30133

受影响实体

Sun Java_system_web_server:6.1:Aix
Sun Java_system_web_server:6.1:Hp_ux
Sun Java_system_web_server:6.1:Linux
Sun Java_system_web_server:6.1:Sparc
Sun Java_system_web_server:6.1:Windows

补丁

暂无

特别声明

本站(ZONE.CI)所有文章仅供技术研究，若将其信息做其他用途，由用户承担全部法律及连带责任，本站不承担任何法律及连带责任，请遵守中华人民共和国安全法.

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带

咨询加Q：999999999

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带

ZONE.CI 全球网安全领域涉猎者-乌云独行地带

ZONE.CI 全球网

Plugins

WordPress

Web前端

设计资源

Sun Java System Web Server Search Module 'index.jsp' 跨站脚本攻击漏洞

漏洞信息详情

Sun Java System Web Server Search Module 'index.jsp' 跨站脚本攻击漏洞

漏洞简介

漏洞公告

参考网址

受影响实体

补丁

Sun Java System Web Server Search Module 'index.jsp' 跨站脚本攻击漏洞

IBM Lotus Quickr WYSIWYG Editors 未明跨站脚本攻击漏洞

ZyWALL 100 HTTP Referer头文件跨站脚本漏洞

Microsoft恶意软件'mpengine.dll'保护引擎多个拒绝服务漏洞

Debian OpenSSL 加密问题漏洞

SIPp call.cpp文件多个远程栈溢出漏洞

Oracle Application Server Portal绕过认证漏洞

RPath Appliance_platform_agent 权限许可和访问控制漏洞

cPanel WHM界面多个跨站请求伪造漏洞

RPath Appliance_platform_agent 跨站请求伪造漏洞

ZONE.CI 全球网