Category
Security
Release Phase
Resolved
Bug Id
6679004
ProductSun Java System Portal Server 7.0
Sun Java System Portal Server 7.1
Date of Resolved Release15-Aug-2008
A Cross Site Scripting (XSS) security vulnerability exists in some of the Portlets bundled with Sun Java System Portal Server (see below for details)
1. Impact
A Cross Site Scripting (XSS) security vulnerability
exists in some of the Portlets bundled with Sun Java System Portal
Server that may allow remote users to execute arbitrary JavaScript code
in a user's web browser.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Sun Java System Portal Server 7.1 (for Solaris 8, 9 and 10) without patch 124301-10
- Sun Java System Portal Server 7.0 (for Solaris 8, 9 and 10) without patch 121913-19
x86 Platform- Sun Java System Portal Server 7.1 (for Solaris 8, 9 and 10) without patch 124302-10
- Sun Java System Portal Server 7.0 (for Solaris 8, 9 and 10) without patch 121914-19
Linux Platform- Sun Java System Portal Server 7.1 without patch 124303-11
- Sun Java System Portal Server 7.0 without patch 121915-19
To determine the version of Sun Java System Portal Server Software installed on a system, the following command can be run:
#
<PS_INSTALL_DIR>/bin/psadmin version -u amadmin -f passwordFile
Fri Aug 20 07:37:07 PDT 2008 Sun Java(tm) System Portal Server 7.1
Note: Portal Server Software versions 6.3.1 or earlier and version 7.2 are not impacted by this issue.
3. Symptoms
There are no predictable symptoms that would indicate the described issue has been exploited.
4. Workaround
There is no workaround for this issue. Please see the Resolution section below.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
- Sun Java System Portal Server 7.1 (for Solaris 8, 9 and 10) with patch 124301-10 or later
- Sun Java System Portal Server 7.0 (for Solaris 8, 9 and 10) with patch 121913-19 or later
x86 Platform- Sun Java System Portal Server 7.1 (for Solaris 8, 9 and 10) with patch 124302-10 or later
- Sun Java System Portal Server 7.0 (for Solaris 8, 9 and 10) with patch 121914-19 or later
Linux Platform- Sun Java System Portal Server 7.1 with patch 124303-11 or later
- Sun Java System Portal Server 7.0 with patch 121915-19 or later
For more information on Security Sun Alerts, see
.
References
SUNPATCH:121913-19
SUNPATCH:121914-19
SUNPATCH:121915-19
SUNPATCH:124301-10
SUNPATCH:124302-10
SUNPATCH:124303-11
AttachmentsThis solution has no attachment