Sun ONE/Sun Java System Application Error Page Cross-Site Scripting Vulnerability

admin 2022-07-22 20:33:59 CNNVD Vulnerabilities Source: ZONE.CI Global Network

Vulnerability Details

Sun ONE/Sun Java System Application Error Page Cross-Site Scripting Vulnerability

  • CNNVD ID: CNNVD-200605-358
  • Severity: Medium
  • CVE ID: CVE-2006-2501
  • Vulnerability type: Cross-site scripting
  • Published: 2006-05-19
  • Threat type: Remote
  • Updated: 2006-10-31
  • Vendor: sun
  • Vulnerability source: Sun

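Vulnerability Summary

Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier contain a cross-site scripting (XSS) vulnerability. Remote attackers can inject arbitrary web script or HTML via unknown attack vectors that may be related to error messages.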

Vulnerability Advisory

The vendor has released upgrade patches that fix this security issue. Patch download links (affected version; vendor; fixed release; link):

  • Sun ONE Web Server 6.0 SP5; Sun; Sun ONE Web Server 6.0 Service Pack 10; http://www.sun.com/download/products.xml?id=43a84f89
  • Sun ONE Web Server 6.0 SP9; Sun; Sun ONE Web Server 6.0 Service Pack 10; http://www.sun.com/download/products.xml?id=43a84f89
  • Sun ONE Web Server 6.0 SP4; Sun; Sun ONE Web Server 6.0 Service Pack 10; http://www.sun.com/download/products.xml?id=43a84f89
  • Sun ONE Web Server 6.0 SP7; Sun; Sun ONE Web Server 6.0 Service Pack 10; http://www.sun.com/download/products.xml?id=43a84f89
  • Sun ONE Web Server 6.0 SP6; Sun; Sun ONE Web Server 6.0 Service Pack 10; http://www.sun.com/download/products.xml?id=43a84f89
  • Sun ONE Web Server 6.0; Sun; Sun ONE Web Server 6.0 Service Pack 10; http://www.sun.com/download/products.xml?id=43a84f89
  • Sun ONE Web Server 6.0 SP2; Sun; Sun ONE Web Server 6.0 Service Pack 10; http://www.sun.com/download/products.xml?id=43a84f89
  • Sun ONE Web Server 6.0 SP3; Sun; Sun ONE Web Server 6.0 Service Pack 10; http://www.sun.com/download/products.xml?id=43a84f89
  • Sun ONE Web Server 6.0 SP8; Sun; Sun ONE Web Server 6.0 Service Pack 10; http://www.sun.com/download/products.xml?id=43a84f89
  • Sun ONE Web Server 6.0 SP1; Sun; Sun ONE Web Server 6.0 Service Pack 10; http://www.sun.com/download/products.xml?id=43a84f89
  • Sun Java System Web Server 6.1 SP4; Sun; Sun Java System Web Server 6.1 Service Pack 5; http://www.sun.com/download/products.xml?id=434aec1d
  • Sun Java System Web Server 6.1 SP3; Sun; Sun Java System Web Server 6.1 Service Pack 5; http://www.sun.com/download/products.xml?id=434aec1d
  • Sun Java System Web Server 6.1 SP1; Sun; Sun Java System Web Server 6.1 Service Pack 5; http://www.sun.com/download/products.xml?id=434aec1d
  • Sun Java System Web Server 6.1 SP2; Sun; Sun Java System Web Server 6.1 Service Pack 5; http://www.sun.com/download/products.xml?id=434aec1d
  • Sun Java System Web Server 6.1; Sun; Sun Java System Web Server 6.1 Service Pack 5; http://www.sun.com/download/products.xml?id=434aec1d
  • Sun ONE Application Server 7.0 UR1 Platform Edition; Sun; Sun ONE Application Server 7 Platform Edition Update 7; http://www.sun.com/download/products.xml?id=42ae3178
  • Sun ONE Application Server 7.0 UR2 Standard Edition; Sun; Sun ONE Application Server 7 Standard Edition Update 7; http://www.sun.com/download/products.xml?id=42ae317c
  • Sun ONE Application Server 7.0 Standard Edition; Sun; Sun ONE Application Server 7 Standard Edition Update 7; http://www.sun.com/download/products.xml?id=42ae317c
  • Sun Java System Application Server 7.0 2004Q2 R2 Standard; Sun; Sun Java System Application Server 7 2004Q2 Standard Edition Update 3; http://www.sun.com/download/products.xml?id=4331ff42
  • Sun Java System Application Server 7.0 2004Q2 R2 Enterprise; Sun; Sun Java System Application Server 7 2004Q2 Enterprise Edition Update 3; http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=8&PartDetailId=SJAS72004Q2U4-EE-OTH-G-ES&TransactionId=try
  • Sun ONE Application Server 7.0 UR6 Standard Edition; Sun; Sun ONE Application Server 7 Standard Edition Update 7; http://www.sun.com/download/products.xml?id=42ae317c
  • Sun ONE Application Server 7.0 Platform Edition; Sun; Sun ONE Application Server 7 Platform Edition Update 7; http://www.sun.com/download/products.xml?id=42ae3178
  • Sun ONE Application Server 7.0 UR2 Platform Edition; Sun; Sun ONE Application Server 7 Platform Edition Update 7; http://www.sun.com/download/products.xml?id=42ae3178
  • Sun Java System Application Server 7.0 2004Q2 R1 Enterprise; Sun; Sun Java System Application Server 7 2004Q2 Enterprise Edition Update 3; http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=8&PartDetailId=SJAS72004Q2U4-EE-OTH-G-ES&TransactionId=try
  • Sun ONE Application Server 7.0 UR6 Platform Edition; Sun; Sun ONE Application Server 7 Platform Edition Update 7; http://www.sun.com/download/products.xml?id=42ae3178
  • Sun Java System Application Server 7.0 2004Q2 R1 Standard; Sun; Sun Java System Application Server 7 2004Q2 Standard Edition Update 3; http://www.sun.com/download/products.xml?id=4331ff42
  • Sun ONE Application Server 7.0 UR2 Upgrade Platform; Sun; Sun ONE Application Server 7 Platform Edition Update 7; http://www.sun.com/download/products.xml?id=42ae3178
  • Sun ONE Application Server 7.0 UR2 Upgrade Standard; Sun; Sun ONE Application Server 7 Standard Edition Update 7; http://www.sun.com/download/products.xml?id=42ae317c
  • Sun ONE Application Server 7.0 UR1 Standard Edition; Sun; Sun ONE Application Server 7 Standard Edition Update 7; http://www.sun.com/download/products.xml?id=42ae317c

References

Source: US-CERT

Name: VU#114956

Link: http://www.kb.cert.org/vuls/id/114956

Source: VUPEN

Name: ADV-2006-1866

Link: http://www.frsirt.com/english/advisories/2006/1866

Source: SUNALERT

Name: 102164

Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1

Source: SECUNIA

Name: 20147

Link: http://secunia.com/advisories/20147

Source: JVN

Name: JVN#03D5EAA8

Link: http://jvn.jp/jp/JVN%2303D5EAA8/index.HTML

Source: XF

Name: sun-java-system-xss(26550)

Link: http://xforce.iss.net/xforce/xfdb/26550

Source: BID

Name: 18035

Link: http://www.securityfocus.com/bid/18035

Source: SECTRACK

Name: 1016126

Link: http://securitytracker.com/id?1016126

Source: SECTRACK

Name: 1016125

Link: http://securitytracker.com/id?1016125

Affected Entities

  • Sun Java_system_application_server:7.0:Ur2:Standard  
  • Sun One_web_server:6.0:Sp9  
  • Sun One_application_server:7.0:Update_6:Standard  
  • Sun One_application_server:7.0:Update_6:Platform  
  • Sun One_application_server:6.0  

Patches

    None available
