Cross-Site Scripting Vulnerability in Sun Java System Web Server
CVE-2008-2166

Currently unrated

Key Information:

Vendor
Oracle
Status
Java System Web Server
Vendor
CVE Published:
13 May 2008

Summary

A vulnerability exists in the search module of Sun Java System Web Server, affecting versions 6.1 prior to SP9 and 7.0 prior to Update 2. This flaw enables remote attackers to inject arbitrary web scripts or HTML by manipulating unknown parameters in the index.jsp file. Successful exploitation can lead to unauthorized actions taken on behalf of a user, impacting the security of web applications that leverage this server.

References

http://secunia.com/advisories/30133
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/29087
vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2008/1455/references
vdb-entryx_refsource_VUPEN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.