Lucene search

[email protected]CVE-2009-2268

HistoryJul 01, 2009 - 1:00 p.m.

CVE-2009-2268

2009-07-0113:00:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-2268

cross-site scripting

xss

sun java system access manager

remote attackers

web script

html

vulnerability

nvd

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

JSON

Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

sunjava_system_access_managerMatch6

sunjava_system_access_managerMatch6.0_2005q1linux

sunjava_system_access_managerMatch6.0_2005q1solaris_10_sparc

sunjava_system_access_managerMatch6.0_2005q1solaris_10_x86

sunjava_system_access_managerMatch6.0_2005q1solaris_8_sparc

sunjava_system_access_managerMatch6.0_2005q1solaris_8_x86

sunjava_system_access_managerMatch6.0_2005q1solaris_9_sparc

sunjava_system_access_managerMatch6.0_2005q1solaris_9_x86

sunjava_system_access_managerMatch7.0

sunjava_system_access_managerMatch7.0_2005q4hp-ux

sunjava_system_access_managerMatch7.0_2005q4linux

sunjava_system_access_managerMatch7.0_2005q4solaris10_x86

sunjava_system_access_managerMatch7.0_2005q4solaris9_x86

sunjava_system_access_managerMatch7.0_2005q4windows

sunjava_system_access_managerMatch7.1

sunjava_system_access_managerMatch7.1linux

sunjava_system_access_managerMatch7.1solaris_10_sparc

sunjava_system_access_managerMatch7.1solaris_10_x86

sunjava_system_access_managerMatch7.1solaris_8_sparc

sunjava_system_access_managerMatch7.1solaris_8_x86

sunjava_system_access_managerMatch7.1solaris_9_sparc

sunjava_system_access_managerMatch7.1solaris_9_x86

sunjava_system_access_managerMatch7.1windows

sunjava_system_access_managerMatch7_2005q4solaris_10_sparc

sunjava_system_access_managerMatch7_2005q4solaris_8_sparc

sunjava_system_access_managerMatch7_2005q4solaris_9_sparc

CPENameOperatorVersion
sun:java_system_access_managersun java system access managereq6
sun:java_system_access_managersun java system access managereq6.0_2005q1
sun:java_system_access_managersun java system access managereq7.0
sun:java_system_access_managersun java system access managereq7.0_2005q4
sun:java_system_access_managersun java system access managereq7.1
sun:java_system_access_managersun java system access managereq7_2005q4

CPE	Name	Operator	Version
sun:java_system_access_manager	sun java system access manager	eq	6
sun:java_system_access_manager	sun java system access manager	eq	6.0_2005q1
sun:java_system_access_manager	sun java system access manager	eq	7.0
sun:java_system_access_manager	sun java system access manager	eq	7.0_2005q4
sun:java_system_access_manager	sun java system access manager	eq	7.1
sun:java_system_access_manager	sun java system access manager	eq	7_2005q4

References

secunia.com/advisories/35651

sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1

sunsolve.sun.com/search/document.do?assetkey=1-66-256568-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1020343.1-1

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

JSON

Related for CVE-2009-2268

prion1 nvd1 cvelist1 nessus24