Lucene search

MitreCVE-2008-2518

HistoryJun 03, 2008 - 2:32 p.m.

CVE-2008-2518

2008-06-0314:32:00

CWE-79

mitre

web.nvd.nist.gov

cve-2008-2518

cross-site scripting

xss

sun java system web server

web security

vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.003

Percentile

65.4%

JSON

Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter.

Affected configurations

Nvd

Node

sunjava_system_web_serverMatch6.1

sunjava_system_web_serverMatch6.1sp1

sunjava_system_web_serverMatch6.1sp2

sunjava_system_web_serverMatch6.1sp3

sunjava_system_web_serverMatch6.1sp4

sunjava_system_web_serverMatch6.1sp5

sunjava_system_web_serverMatch6.1sp6

sunjava_system_web_serverMatch6.1sp7

sunjava_system_web_serverMatch6.1sp8

sunjava_system_web_serverMatch7.0

sunjava_system_web_serverMatch7.0update_1

sunjava_system_web_serverMatch7.0update_2

VendorProductVersionCPE
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp6:*:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp7:*:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp8:*:*:*:*:*:*
sunjava_system_web_server7.0cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:::::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp1::::::
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp2::::::
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp3::::::
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp4::::::
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp5::::::
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp6::::::
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp7::::::
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp8::::::
sun	java_system_web_server	7.0	cpe:2.3:a:sun:java_system_web_server:7.0:::::::*

Rows per page:

1-10 of 121

References

secunia.com/advisories/30381

sunsolve.sun.com/search/document.do?assetkey=1-26-236481-1

www.securityfocus.com/bid/29355

www.securitytracker.com/id?1020110

www.vupen.com/english/advisories/2008/1649/references

exchange.xforce.ibmcloud.com/vulnerabilities/42624

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.003

Percentile

65.4%

JSON

Related for CVE-2008-2518