CVE-2008-5266

Name of the Vulnerable Software and Affected Versions Sun Java System Application Server versions 9.1 01 build b09d-fcs through 9.1 02 build b04-fcs

Description A cross-site scripting (XSS) issue exists in the configuration/httpListenerEdit.jsf file of the GlassFish 2 UR2 b04 webadmin interface. This allows remote attackers to inject arbitrary web script or HTML via the name parameter.

Recommendations For Sun Java System Application Server versions 9.1 01 build b09d-fcs through 9.1 02 build b04-fcs, avoid using the name parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the configuration/httpListenerEdit.jsf file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.