Note: This is an archival copy of Security Sun Alert 269368 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1021023.1.
Sun Java System Portal Server
Sun Java System Portal Server 7.1
Sun Java System Portal Server 7.2
Date of Resolved Release
Cross-Site Scripting (XSS) Vulnerabilities in Sun Java System Portal Server's Gateway May Lead to Execution of Arbitrary Code
2. Contributing Factors
These issues can occur in the following releases:
On portal 6.3.1:
$ <PS_INSTALL_DIR>/SUNWps/bin/version -p
On portal 7.1/7.2:
$ <PS_INSTALL_DIR>/SUNWportal/bin/psadmin version -u amadmin --patches
Fri Jun 20 07:37:07 PDT 2008 Sun Java(tm) System Portal Server 7.13. Symptoms
There are no predictable symptoms that would indicate the described issues have been exploited.
There is no workaround for these issues. Please see the Resolution section below.
These issues are addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment