Cross-site Scripting Vulnerability in Sun Application Servers and Web Server
CVE-2003-0413

Currently unrated

Key Information:

Vendor
Oracle
Vendor
CVE Published:
30 June 2003

Summary

The vulnerability allows attackers to exploit the webapps-simple sample application on the Sun ONE Application Server and Sun Java System Web Server. By crafting an HTTP request that prompts an 'Invalid JSP file' error, attackers can inject arbitrary web script or HTML into the response. This could lead to the execution of malicious scripts in the context of the user's browser, compromising user data and potentially leading to further attacks.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.