Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2008-5266
Last Modified: 22 Apr 2011 12:00:00
Published: 28 Nov 2008 02:00:08
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-5266

Summary

Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751.

Vulnerable Systems

Application

  • Oracle Glassfish Server 2.0

  • Sun Java System Application Server 9.1 01

  • Sun Java System Application Server 9.1 02


References

XF - glassfish-httplisteneredit-xss(47029)

BID - 29646

BUGTRAQ - 20080610 XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )

MISC - http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application/

SREASON - 4659

SECUNIA - 30604


Last Updated: 27 May 2016 10:48:46