Sun system WebServer cross-site scripting vulnerability

Source: Internet
Author: User
Security vulnerability CN-VA04-66
Released on: 2004-7-23
Vulnerability impact: Attackers can remotely execute arbitrary code.
Vulnerability type: XSS vulnerability
Vulnerability Assessment: Moderate
Affected versions and systems:
Sun Java System Web Server 6.1
Sun Java System Web Server 6.1 Service Pack 1
Vulnerability description:
If a user unintentionally clicks an untrusted link or URL in a web page, email message, or newsgroup, a remote attacker can execute commands with that user's permissions.
Hazards:
Successful exploitation allows attackers to execute arbitrary code on the user's system.
Solution:
Upgrade to Service Pack 2 or later.
http://wwws.sun.com/software/download/inter_ecom.html#webs
References:
http://sunsolve.sun.com/pub-cgi/.....tegory%3Asecurity
http://www.ciac.org/ciac/bulletins/o-185.shtml
Vulnerability information provider:
CIAC
Other information:
CVE No:
Initial Release date: 2004-7-23
Number of revisions: 0
Vulnerability Report documentation:
CNCERT/CC
CNCERT/CC strives to ensure the accuracy and reliability of each security announcement before releasing it. However, whether to adopt and implement the recommendations in an announcement is entirely up to the user, and the user bears full responsibility for any resulting problems and consequences. Whether to adopt our recommendations is a decision for you or your enterprise; you should consider whether the content is consistent with your own or your enterprise's security policies and procedures.
In any case, if you are sure that your computer system is compromised or attacked, we encourage you to promptly inform the National Computer Network Emergency technical processing Coordination Center: http://www.cert.org.cn/servlet/Incident
At the same time, we encourage all computer and network security research institutions, including manufacturers and research institutes, to report to us information about vulnerabilities discovered by your organization. We will verify all vulnerability information and publish vulnerability information on the CNCERT/CC website and instruct affected users to take measures to avoid losses.