Sun Alert 236481 Cross-Site Scripting Vulnerability in the Sun Java System Web Server Advanced Search Mechanism

Product: Sun Java System Web Server 6.1, Sun Java System Web Server 7.0

A Cross-Site Scripting (CSS or XSS) vulnerability in the Sun JavaSystem Web Server's advanced search mechanism may may allow anunprivileged remote user the ability to execute arbitrary JavaScriptcommands in a client user's web browser. This may allow the remote userto steal cookie information, hijack sessions, or cause a loss of dataprivacy.

State: Resolved
First released: 23-May-2008
Comments:

Darn, XSS is everywhere now days :(. At least we can protect our sites because of you!

Posted by Pierce on May 24, 2008 at 07:01 PM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
Summarized version of this blog is available as a mapping of CVEs and solutions.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
3
4
5
6
7
8
9
10
11
12
13
14
16
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today