Category
Security
Release Phase
Resolved
ProductSun Java System Messaging Server 6.0
Sun Java System Messaging Server 6.3
Bug Id
6509577
Date of Workaround Release23-MAY-2007
Date of Resolved Release30-MAY-2007
Impact
A Cross Site Scripting (CSS or XSS) vulnerability in the Sun Java System Messaging Server may allow an unprivileged remote user the ability to execute arbitrary JavaScript commands in a client user's Internet Explorer web browser. This may allow the remote user to steal cookie information, hijack sessions, or cause a loss of data privacy.
Additional information about cross-site scripting and web script vulnerabilities can be found at the following URLs:
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Sun Java System Messaging Server 6.0, 6.1, 6.2 and 6.3 (for Solaris 9 and Solaris 10) without patch 120228-20
x86 Platform
- Sun Java System Messaging Server 6.0, 6.1, 6.2 and 6.3 (for Solaris 9 and Solaris 10) without patch 120229-18
Linux Platform
- Sun Java System Messaging Server 6.0, 6.1, 6.2 and 6.3 (for RHEL 3 and RHEL 4) without patch 120230-18
Note: This issue only occurs when the client browser is Internet Explorer (IE).
Symptoms
There are no predictable symptoms that would indicate the described issue has occurred.
Workaround
There is no workaround for this issue.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Sun Java System Messaging Server 6.0, 6.1, 6.2 and 6.3 (for Solaris 9 and Solaris 10) with patch 120228-20 or later
x86 Platform
- Sun Java System Messaging Server 6.0, 6.1, 6.2 and 6.3 (for Solaris 9 and Solaris 10) with patch 120229-18 or later
Linux Platform
- Sun Java System Messaging Server 6.0, 6.1, 6.2 and 6.3 (for RHEL 3 and RHEL 4) with patch 120230-18 or later
Modification History
Date: 30-MAY-2007
- State: Resolved
- Updated Contributing Factors and Resolution sections
References
120228-20
120229-18
120230-18
AttachmentsThis solution has no attachment