CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
70.5%
Sun Java Web Server is prone to a cross-site scripting (XSS)
vulnerability.
# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:sun:java_system_web_server";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.800812");
script_version("2023-09-15T05:06:15+0000");
script_tag(name:"last_modification", value:"2023-09-15 05:06:15 +0000 (Fri, 15 Sep 2023)");
script_tag(name:"creation_date", value:"2009-06-19 09:45:44 +0200 (Fri, 19 Jun 2009)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_cve_id("CVE-2009-1934");
script_name("Sun Java System Web Proxy Server 6.1 < 6.1 SP11 XSS Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone AG");
script_family("Web Servers");
script_dependencies("gb_sun_one_java_sys_web_serv_ssh_login_detect.nasl", "gb_sun_oracle_web_server_http_detect.nasl");
script_mandatory_keys("sun/java_system_web_server/detected");
script_xref(name:"URL", value:"http://secunia.com/advisories/35338");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/35204");
script_xref(name:"URL", value:"http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1");
script_xref(name:"URL", value:"http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1");
script_tag(name:"summary", value:"Sun Java Web Server is prone to a cross-site scripting (XSS)
vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The Flaw is due to error in 'Reverse Proxy Plug-in' which is not
properly sanitized the input data before being returned to the user. This can be exploited to
inject arbitrary web script or HTML via the query string in situations that result in a 502
Gateway error.");
script_tag(name:"impact", value:"Successful exploitation will allow attackers to execute arbitrary
code, gain sensitive information by conducting XSS attacks in the context of an affected site.");
script_tag(name:"affected", value:"Sun Java System Web Server versions 6.1 before 6.1 SP11.");
script_tag(name:"solution", value:"Update to version 6.1 SP11 or later.");
# nb: The Remote-VT is only reporting the major version like 7.0.
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if( isnull( port = get_app_port( cpe:CPE ) ) )
exit( 0 );
if( ! infos = get_app_version_and_location( port:port, cpe:CPE, exit_no_version:TRUE ) )
exit( 0 );
vers = infos["version"];
path = infos["location"];
if( version_in_range( version:vers, test_version:"6.1", test_version2:"6.1.SP10" ) ) {
report = report_fixed_ver( installed_version:vers, fixed_version:"6.1.SP11", install_path:path );
security_message( port:port, data:report );
exit( 0 );
}
exit( 99 );