Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2009-1554
Last Modified 22 Apr 2011 12:00:00
Published 06 May 2009 12:30:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1554

Summary

Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF.

Vulnerable Systems

Application

  • Sun Woodstock 4.2


References

MLIST - [cvs] 20090321 CVS update: /woodstock/webui/src/runtime/com/sun/webui/theme/ThemeServlet.java

XF - woodstock-404page-xss(50336)

BID - 34829

BUGTRAQ - 20090505 [DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability

MLIST - [dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities

MLIST - [dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities

SECUNIA - 35006

OSVDB - 54220

MISC - http://dsecrg.com/pages/vul/show.php?id=138


Last Updated: 27 May 2016 10:50:36