Note: This is an archival copy of Security Sun Alert 201076 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000798.1.

Category: Security
Release Phase: Resolved

Sun Java System Access Manager 6 2005Q1
Sun Java System Access Manager 7 2005Q4

Bug Id: 6463730
Date of Workaround Release: 29-JAN-2007
Date of Resolved Release: 27-FEB-2007

Impact

A Cross Site Scripting (CSS or XSS) vulnerability in the Sun Java System Access Server may allow an unprivileged remote user to steal cookie information, hijack sessions, or cause a loss of data privacy between a client and the server.

Additional information about cross-site scripting and web script vulnerabilities can be found at the following URLs:

http://www.cert.org/archive/pdf/cross_site_scripting.pdf
http://www.cert.org/tech_tips/malicious_code_FAQ.html
http://www.cert.org/advisories/CA-2000-02.html

Contributing Factors

These issues can occur in the following releases:

SPARC Platform
x86 Platform
Linux Platform

To determine if Sun Java System Access Manager is installed on a system, the following command can be run:

    % pkginfo -l SUNWamsvc
    PKGINST: SUNWamsvc
    NAME: Sun Java System Access Manager Services
    CATEGORY: application
    ARCH: all
    VERSION: 7.0,REV=05.08.10.09.17

To determine the version of Sun Java System Access Manager on a system, the following command can be run:

    # <access-manager-install-dir>/bin/amadmin --version
    Sun Java System Access Manager 7 2005Q4

Symptoms

There are no predictable symptoms that would indicate the described issue has occurred.

Workaround

There is no workaround for this issue. Please see the Resolution section below.

Resolution

This issue is addressed in the following releases:

SPARC Platform
x86 Platform
Linux Platform

Modification History

Date: 27-FEB-2007
27-Feb-2007:

References

120954-04 120955-04 120956-04 120091-13 119409-13 119502-09 119465-09 115766-13 117586-21

Attachments

This solution has no attachment
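
The following is an added example, not part of the original Sun Alert: a shell check that reports which of the patch IDs listed under References are present on a host at or above the listed revision. It assumes those patch IDs are the ones to look for, that input arrives in the "Patch: NNNNNN-RR ..." line format printed by showrev -p on Solaris, and it runs here on a constructed sample; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Sun Alert.
# Patch IDs copied from the References section of the alert.
ALERT_PATCHES="120954-04 120955-04 120956-04 120091-13 119409-13 119502-09 119465-09 115766-13 117586-21"

# Constructed sample in the `showrev -p` line format (assumed); the package
# name and the 999999-01 entry are placeholders, not real data.
sample_showrev() {
    cat <<'EOF'
Patch: 120954-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 120954-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 119409-13 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 117586-20 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
EOF
}

# patch_state BASE WANT: read patch lines on stdin and print
#   OK      highest installed revision of BASE is >= WANT
#   OLDER   BASE is installed, but only at a lower revision
#   ABSENT  BASE is not installed at all
patch_state() {
    awk -v base="$1" -v want="$2" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base) { found = 1; if (p[2] + 0 > best) best = p[2] + 0 }
        }
        END {
            if (!found)                print "ABSENT"
            else if (best >= want + 0) print "OK"
            else                       print "OLDER"
        }'
}

# check_patches: read `showrev -p` output on stdin, print one
# "<state> <patch-id>" line per patch listed in the alert.
check_patches() {
    data=$(cat)
    for id in $ALERT_PATCHES; do
        state=$(printf '%s\n' "$data" | patch_state "${id%-*}" "${id#*-}")
        echo "$state $id"
    done
}

# On a Solaris host: showrev -p | check_patches
sample_showrev | check_patches
```

On Solaris, run it under ksh or bash with nawk or /usr/xpg4/bin/awk first in PATH, since the legacy /bin/sh and /usr/bin/awk lack the constructs used here. Which of the listed patches applies to a given host depends on its platform and Access Manager release.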