Note: This is an archival copy of Security Sun Alert 200002 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000001.1. |
Category Security Release Phase Resolved Sun Java System Application Server Standard Edition 7 2004Q2 Sun ONE Application Server 7, Standard Edition Sun Java System Application Server Enterprise Edition 8.1 2005Q1 Bug Id 6387790 Date of Resolved Release 23-JUN-2006 Impact A Cross Site Scripting (CSS or XSS) vulnerability in the Sun ONE and Sun Java System Application Server may allow an unprivileged remote user to steal cookie information, hijack sessions, or cause a loss of data privacy between a client and the server. Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Linux Platform
Windows Platform
Note: Previous update releases of Sun ONE Application Server 7 (prior to Update 9), Sun Java System Application Server 7.1 (prior to Update 5) and Sun Java System Applciation Server (Enterprise Edition) 8.1 are affected by this issue. To determine the version of Sun Java System Application server on a system, the following command can be run: $ <AS_INSTALL>/bin/asadmin version --verbose Unable to communicate with admin server, getting version locally. Version = Sun Java System Application Server Enterprise Edition 8.1 (build b43-fcs) Command version executed successfully. (Where <AS_INSTALL> is the installation directory of the Application Server). Symptoms There are no predictable symptoms that would indicate the described issue has occurred. Workaround There is no workaround for this issue. Please see the Resolution section below. Resolution This issue is addressed in the following releases: SPARC Platform
x86 Platform
Linux Platform
Windows Platform
Sun ONE Application Server 7 Update 9 and Sun Java System Application Server Update 5 can be downloaded at: http://www.sun.com/download/index.jsp?cat=Application%20%26%20Integration%20Services&tab=3 References119166-16119167-16 119171-08 119168-16 119169-08 119170-08 Attachments This solution has no attachment |
|