CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
94.0%
The Sun Secure Global Desktop (SSGD) contains cross-site scripting vulnerabilities.
Sun Secure Global Desktop (formerly Tarantella) contains multiple input validation vulnerabilities due to failure to properly sanitize user input. The following modules do not properly filter HTML code from user input, facilitating cross-site scripting attacks:
* `taarchives.cgi`
* `ttaAuthentication.jsp`
* `ttalicense.cgi`
* `ttawlogin.cgi`
* `ttawebtop.cgi`
* `ttaabout.cgi`
* `test-cgi`
A remote attacker may be able to execute arbitrary script commands in the context of a victim user. Secondary impacts include: theft of cookie information, session hijacking, and loss of data privacy between a client and the intended server.
Apply an update
Sun has addressed this vulnerability in the latest build of Sun Secure Global Desktop.
262352
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: October 31, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Sun has issued a security document regarding this vulnerability. Please see Sun document 102650 for further details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23262352 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This issue was reported by SUN in document 102650. Sun thanks Marc Ruef of scip AG for reporting this issue.
This document was written by Katie Steiner.
CVE IDs: | CVE-2006-4958 |
---|---|
Severity Metric: | 13.50 Date Public: |