Cross-site Scripting Vulnerability in Sun Application Servers and Web Server
CVE-2003-0413

Currently unrated

Key Information:

Vendor: Oracle
Status: One Application Server
Vendor: CVE Published:; 30 June 2003

Summary

The vulnerability allows attackers to exploit the webapps-simple sample application on the Sun ONE Application Server and Sun Java System Web Server. By crafting an HTTP request that prompts an 'Invalid JSP file' error, attackers can inject arbitrary web script or HTML into the response. This could lead to the execution of malicious scripts in the context of the user's browser, compromising user data and potentially leading to further attacks.

References

http://www.spidynamics.com/sunone_alert.html

x_refsource_MISC

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2...

vendor-advisoryx_refsource_SUNALERT

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

Timeline

Vulnerability published
Jun 30, 2003
Vulnerability Reserved
Jun 10, 2003