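Vulnerability Details
Sun ONE/Sun Java System Application Error Page Cross-Site Scripting Vulnerability
- CNNVD ID: CNNVD-200605-358
- Severity: Medium
- CVE ID: CVE-2006-2501
- Vulnerability type: Cross-site scripting
- Published: 2006-05-19
- Threat type: Remote
- Updated: 2006-10-31
- Vendor: sun
- Vulnerability source: Sun
Vulnerability Summary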
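Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier contain a cross-site scripting (XSS) vulnerability. A remote attacker can inject arbitrary web script or HTML via unknown attack vectors that are possibly related to error messages.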
Vulnerability Advisory
The vendor has released upgrade patches that fix this security issue. Patch download links, listed as affected version: vendor, fixed release, URL:
- Sun ONE Web Server 6.0 SP5: Sun, Sun ONE Web Server 6.0 Service Pack 10, http://www.sun.com/download/products.xml?id=43a84f89
- Sun ONE Web Server 6.0 SP9: Sun, Sun ONE Web Server 6.0 Service Pack 10, http://www.sun.com/download/products.xml?id=43a84f89
- Sun ONE Web Server 6.0 SP4: Sun, Sun ONE Web Server 6.0 Service Pack 10, http://www.sun.com/download/products.xml?id=43a84f89
- Sun ONE Web Server 6.0 SP7: Sun, Sun ONE Web Server 6.0 Service Pack 10, http://www.sun.com/download/products.xml?id=43a84f89
- Sun ONE Web Server 6.0 SP6: Sun, Sun ONE Web Server 6.0 Service Pack 10, http://www.sun.com/download/products.xml?id=43a84f89
- Sun ONE Web Server 6.0: Sun, Sun ONE Web Server 6.0 Service Pack 10, http://www.sun.com/download/products.xml?id=43a84f89
- Sun ONE Web Server 6.0 SP2: Sun, Sun ONE Web Server 6.0 Service Pack 10, http://www.sun.com/download/products.xml?id=43a84f89
- Sun ONE Web Server 6.0 SP3: Sun, Sun ONE Web Server 6.0 Service Pack 10, http://www.sun.com/download/products.xml?id=43a84f89
- Sun ONE Web Server 6.0 SP8: Sun, Sun ONE Web Server 6.0 Service Pack 10, http://www.sun.com/download/products.xml?id=43a84f89
- Sun ONE Web Server 6.0 SP1: Sun, Sun ONE Web Server 6.0 Service Pack 10, http://www.sun.com/download/products.xml?id=43a84f89
- Sun Java System Web Server 6.1 SP4: Sun, Sun Java System Web Server 6.1 Service Pack 5, http://www.sun.com/download/products.xml?id=434aec1d
- Sun Java System Web Server 6.1 SP3: Sun, Sun Java System Web Server 6.1 Service Pack 5, http://www.sun.com/download/products.xml?id=434aec1d
- Sun Java System Web Server 6.1 SP1: Sun, Sun Java System Web Server 6.1 Service Pack 5, http://www.sun.com/download/products.xml?id=434aec1d
- Sun Java System Web Server 6.1 SP2: Sun, Sun Java System Web Server 6.1 Service Pack 5, http://www.sun.com/download/products.xml?id=434aec1d
- Sun Java System Web Server 6.1: Sun, Sun Java System Web Server 6.1 Service Pack 5, http://www.sun.com/download/products.xml?id=434aec1d
- Sun ONE Application Server 7.0 UR1 Platform Edition: Sun, Sun ONE Application Server 7 Platform Edition Update 7, http://www.sun.com/download/products.xml?id=42ae3178
- Sun ONE Application Server 7.0 UR2 Standard Edition: Sun, Sun ONE Application Server 7 Standard Edition Update 7, http://www.sun.com/download/products.xml?id=42ae317c
- Sun ONE Application Server 7.0 Standard Edition: Sun, Sun ONE Application Server 7 Standard Edition Update 7, http://www.sun.com/download/products.xml?id=42ae317c
- Sun Java System Application Server 7.0 2004Q2 R2 Standard: Sun, Sun Java System Application Server 7 2004Q2 Standard Edition Update 3, http://www.sun.com/download/products.xml?id=4331ff42
- Sun Java System Application Server 7.0 2004Q2 R2 Enterprise: Sun, Sun Java System Application Server 7 2004Q2 Enterprise Edition Update 3, http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=8&PartDetailId=SJAS72004Q2U4-EE-OTH-G-ES&TransactionId=try
- Sun ONE Application Server 7.0 UR6 Standard Edition: Sun, Sun ONE Application Server 7 Standard Edition Update 7, http://www.sun.com/download/products.xml?id=42ae317c
- Sun ONE Application Server 7.0 Platform Edition: Sun, Sun ONE Application Server 7 Platform Edition Update 7, http://www.sun.com/download/products.xml?id=42ae3178
- Sun ONE Application Server 7.0 UR2 Platform Edition: Sun, Sun ONE Application Server 7 Platform Edition Update 7, http://www.sun.com/download/products.xml?id=42ae3178
- Sun Java System Application Server 7.0 2004Q2 R1 Enterprise: Sun, Sun Java System Application Server 7 2004Q2 Enterprise Edition Update 3, http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=8&PartDetailId=SJAS72004Q2U4-EE-OTH-G-ES&TransactionId=try
- Sun ONE Application Server 7.0 UR6 Platform Edition: Sun, Sun ONE Application Server 7 Platform Edition Update 7, http://www.sun.com/download/products.xml?id=42ae3178
- Sun Java System Application Server 7.0 2004Q2 R1 Standard: Sun, Sun Java System Application Server 7 2004Q2 Standard Edition Update 3, http://www.sun.com/download/products.xml?id=4331ff42
- Sun ONE Application Server 7.0 UR2 Upgrade Platform: Sun, Sun ONE Application Server 7 Platform Edition Update 7, http://www.sun.com/download/products.xml?id=42ae3178
- Sun ONE Application Server 7.0 UR2 Upgrade Standard: Sun, Sun ONE Application Server 7 Standard Edition Update 7, http://www.sun.com/download/products.xml?id=42ae317c
- Sun ONE Application Server 7.0 UR1 Standard Edition: Sun, Sun ONE Application Server 7 Standard Edition Update 7, http://www.sun.com/download/products.xml?id=42ae317c
References
Source: US-CERT
Name: VU#114956
Link: http://www.kb.cert.org/vuls/id/114956
Source: VUPEN
Name: ADV-2006-1866
Link: http://www.frsirt.com/english/advisories/2006/1866
Source: SUNALERT
Name: 102164
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1
Source: SECUNIA
Name: 20147
Link: http://secunia.com/advisories/20147
Source: JVN
Name: JVN#03D5EAA8
Link: http://jvn.jp/jp/JVN%2303D5EAA8/index.HTML
Source: XF
Name: sun-java-system-xss(26550)
Link: http://xforce.iss.net/xforce/xfdb/26550
Source: BID
Name: 18035
Link: http://www.securityfocus.com/bid/18035
Source: SECTRACK
Name: 1016126
Link: http://securitytracker.com/id?1016126
Source: SECTRACK
Name: 1016125
Link: http://securitytracker.com/id?1016125
Affected Entities
- Sun Java_system_application_server:7.0:Ur2:Standard
- Sun One_web_server:6.0:Sp9
- Sun One_application_server:7.0:Update_6:Standard
- Sun One_application_server:7.0:Update_6:Platform
- Sun One_application_server:6.0
Patches
None available