Cross-Site Scripting Vulnerability in Sun Java System Web Server
CVE-2008-2166

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Web Server
Vendor: CVE Published:; 13 May 2008

Summary

A vulnerability exists in the search module of Sun Java System Web Server, affecting versions 6.1 prior to SP9 and 7.0 prior to Update 2. This flaw enables remote attackers to inject arbitrary web scripts or HTML by manipulating unknown parameters in the index.jsp file. Successful exploitation can lead to unauthorized actions taken on behalf of a user, impacting the security of web applications that leverage this server.

References

http://secunia.com/advisories/30133

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/29087

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2008/1455/references

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
May 13, 2008
Vulnerability Reserved
May 13, 2008