Note: This is an archival copy of Security Sun Alert 201076 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000798.1.
Sun Java System Access Manager 6 2005Q1
Sun Java System Access Manager 7 2005Q4
Date of Workaround Release
Date of Resolved Release
A Cross Site Scripting (CSS or XSS) vulnerability in the Sun Java System Access Server may allow an unprivileged remote user to steal cookie information, hijack sessions, or cause a loss of data privacy between a client and the server.
Additional information about cross-site scripting and web script vulnerabilities can be found at the following URLs:
These issues can occur in the following releases:
To determine if Sun Java System Access Manager is installed on a system, the following command can be run:
    % pkginfo -l SUNWamsvc
       PKGINST:  SUNWamsvc
          NAME:  Sun Java System Access Manager Services
      CATEGORY:  application
          ARCH:  all
       VERSION:  7.0,REV=05.08.10.09.17
To determine the version of Sun Java System Access Manager on a system, the following command can be run:
    # <access-manager-install-dir>/bin/amadmin --version
    Sun Java System Access Manager 7 2005Q4
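The two checks above combined into one script that parses the command output and reports whether the host runs a release named at the top of this advisory. This is an added example, not part of the original Sun Alert; the function names and the `AM_DIR` variable are hypothetical, and treating the two releases in the product header as the ones to flag is an assumption.

```shell
#!/bin/sh
# Added example. Needs a POSIX shell (on Solaris: /usr/xpg4/bin/sh or ksh).

# pkg_field FIELD: print FIELD's value from `pkginfo -l` output on stdin.
pkg_field() {
    sed -n "s/^[ ]*$1:[ ]*//p" | head -n 1
}

# am_release: print "<major> <quarter>" from `amadmin --version` output on stdin.
# Assumes the banner format shown in the advisory for every release.
am_release() {
    sed -n 's/^Sun Java System Access Manager \([0-9][0-9]* [0-9]\{4\}Q[1-4]\).*/\1/p' |
        head -n 1
}

# classify RELEASE: "listed" if the release is one named at the top of the
# advisory (assumption: the per-release list is absent from this archival copy).
classify() {
    case "$1" in
        "6 2005Q1"|"7 2005Q4") echo listed ;;
        *) echo not-listed ;;
    esac
}

# audit PKGINFO_TEXT VERSION_TEXT: one-line verdict for a host.
audit() {
    if [ "$(printf '%s\n' "$1" | pkg_field PKGINST)" != "SUNWamsvc" ]; then
        echo not-installed; return 0
    fi
    rel=$(printf '%s\n' "$2" | am_release)
    if [ -z "$rel" ]; then echo "installed unknown-release"; return 0; fi
    echo "installed $rel $(classify "$rel")"
}

# Constructed sample, copied from the output printed in the advisory.
SAMPLE_PKG='   PKGINST:  SUNWamsvc
   VERSION:  7.0,REV=05.08.10.09.17'
SAMPLE_VER='Sun Java System Access Manager 7 2005Q4'
audit "$SAMPLE_PKG" "$SAMPLE_VER"

# Live check: AM_DIR is a hypothetical variable holding <access-manager-install-dir>.
if command -v pkginfo >/dev/null 2>&1 && [ -n "${AM_DIR:-}" ]; then
    audit "$(pkginfo -l SUNWamsvc 2>/dev/null)" "$("$AM_DIR/bin/amadmin" --version 2>/dev/null)"
fi
```

A verdict of `installed unknown-release` means the package is present but the version banner did not match the format shown above, so the release has to be confirmed by hand.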
There are no predictable symptoms that would indicate the described issue has occurred.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases: