Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1934

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-1934
Last Modified 15 Jul 2009 01:41:44
Published 05 Jun 2009 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1934

Summary

Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.

Vulnerable Systems

Application

  • Sun Java System Web Server 6.1

  • Sun One Web Server 6.1


References

SUNALERT - 259588

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1

XF - jsws-reverseproxyplugin-xss(50951)

VUPEN - ADV-2009-1500

SECTRACK - 1022334

BID - 35204

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm

SECUNIA - 35338

OSVDB - 54872


Last Updated: 27 May 2016 10:50:44