Note: This is an archival copy of Security Sun Alert 200314 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000238.1.

Category: Security
Release Phase: Resolved
6181948
Date of Resolved Release: 01-MAR-2005

Impact

Due to this cross-site scripting vulnerability, users may unintentionally execute scripts in their browser written by a remote unprivileged user if they follow untrusted links/URIs in web pages, mail messages, or newsgroup postings. By following these untrusted links/URIs, the remote attacker may be able to execute commands with the privileges of the user who accessed the link/URI.

Sun acknowledges, with thanks, Eric Hobbs from MagnaWare for bringing this issue to our attention.

Additional information about cross-site scripting and web script vulnerabilities can be found at the following URLs:

http://www.cert.org/archive/pdf/cross_site_scripting.pdf
http://www.cert.org/tech_tips/malicious_code_FAQ.html
http://www.cert.org/advisories/CA-2000-02.html

Contributing Factors

This issue can occur in the following releases for all platforms:

Note: Sun Java System Application Server 8 2005Q1 and Sun Java System Application Server 8 (Platform Edition) are not affected.

Symptoms

There are no reliable symptoms that would indicate the described issue has been exploited.

Workaround

There is no workaround. Please see the "Resolution" section below.

Resolution

This issue is addressed in the following releases:

Sun Java System Application Server 7 Standard Edition, Update 6 is available for download at http://www.sun.com/download/products.xml?id=41c239a4

Sun Java System Application Server 7 Platform Edition, Update 6 is available for download at http://www.sun.com/download/products.xml?id=41c374e2

Sun Java System Application Server 7 2004Q2 Standard Edition, Update 2 is available for download at http://www.sun.com/download/products.xml?id=41e32dfb

For the Sun Java System Application Server 7 2004Q2 Enterprise Edition, Update 2, please see the Sun Online Support Center at https://osc-amer.sun.com/OSCSW/svcportal?pageName=clselection

Modification History

Product: Sun Java System Application Server Platform Edition 8

Attachments

This solution has no attachment