PT-2006-3448 · Sun · Sun Java System Application Server+3
Publicado
2006-05-20
·
Atualizado
2017-07-20
·
CVE-2006-2501
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Sun ONE Web Server versions 6.0 SP9 and earlier
Java System Web Server versions 6.1 SP4 and earlier
Sun ONE Application Server versions 7 Platform and Standard Edition Update 6 and earlier
Java System Application Server versions 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.
Recommendations
For Sun ONE Web Server versions 6.0 SP9 and earlier, update to a version later than 6.0 SP9.
For Java System Web Server versions 6.1 SP4 and earlier, update to a version later than 6.1 SP4.
For Sun ONE Application Server versions 7 Platform and Standard Edition Update 6 and earlier, update to a version later than Update 6.
For Java System Application Server versions 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, update to a version later than Update 2.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Sun Java System Application Server
Sun Java System Web Server
Sun One Application Server
Sun One Web Server