Note: This is an archival copy of Security Sun Alert 258068 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020424.1.
Article ID : 1020424.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-12-05
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Cross-Site Scripting (XSS) Vulnerability in Sun Java System Communications Express



Category
Security

Release Phase
Resolved

Bug Id
6793990

Product
Sun Java System Communications Express

Date of Resolved Release
20-May-2009


1. Impact

Multiple Cross-site Scripting (XSS) vulnerabilities affecting Sun Java
System Communications Express may allow a remote unprivileged user to
execute arbitrary scripting code within a user's browsing session.

Sun acknowledges, with thanks, Core Security Technologies for bringing
this issue to our attention.


2. Contributing Factors


This issue can occur in the following releases:

SPARC Platform
  • Sun Java System Communications Express 6.3 (Communications Suite 5 or 6) without patch 122793-26
  • Sun Java System Communications Express 6 2005Q4 (6.2)
x86 Platform
  • Sun Java System Communications Express 6.3 (Communications Suite 5 or 6) without patch 122794-26
  • Sun Java System Communications Express 6 2005Q4 (6.2)
Linux
  • Sun Java System Communications Express 6.3 (Communications Suite 5 or 6) without patch 122795-26
  • Sun Java System Communications Express 6 2005Q4 (6.2)

3. Symptoms

There are no predictable symptoms that would indicate the described issues have been exploited.


4. Workaround

There is no workaround for these issues. Please see the Resolution section below.


5. Resolution


This issue is addressed in the following releases:

SPARC Platform
  • Sun Java System Communications Express 6.3 (Communications Suite 5 or 6) with patch 122793-26 or later
x86 Platform
  • Sun Java System Communications Express 6.3 (Communications Suite 5 or 6) with patch 122794-26 or later
Linux
  • Sun Java System Communications Express 6.3 (Communications Suite 5 or 6) with patch 122795-26 or later

Note: to resolve this issue for Sun Java System Communications Express 6 2005Q4 (6.2), sites
should upgrade to Communications Express 6.3 and then install the above resolution patches as appropriate.

Documentation about the upgrade process is available at the following URL:

http://docs.sun.com/source/819-7561/commsX.html#wp1074201
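
As an added example (not part of the Sun Alert and not Sun or Oracle code), the following shell function checks a patch listing for the resolution patch at revision 26 or later. It assumes the listing uses the "Patch: <id>-<rev> ..." line format printed by Solaris `showrev -p`; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether the fix patch named in the Resolution
# section is installed at revision 26 or later.
# Assumption: stdin is a patch listing with one "Patch: <id>-<rev> ..."
# entry per line (the style of Solaris `showrev -p`).

# Map a platform name to the base patch ID given in the advisory.
ce_patch_id() {
    case "$1" in
        sparc) echo 122793 ;;
        x86)   echo 122794 ;;
        linux) echo 122795 ;;
        *)     return 1 ;;
    esac
}

# Usage: ce_patch_status <sparc|x86|linux> < patch-listing
# Prints "patched" when the highest installed revision is >= 26,
# "vulnerable" otherwise (including when the patch is absent).
ce_patch_status() {
    id=$(ce_patch_id "$1") || { echo "unknown-platform"; return 2; }
    awk -v id="$id" -v min=26 '
        BEGIN { best = -1 }
        $1 == "Patch:" {
            # Field 2 looks like 122793-26: base ID, dash, revision.
            n = split($2, p, "-")
            if (n == 2 && p[1] == id && p[2] + 0 > best) best = p[2] + 0
        }
        END {
            if (best >= min) { print "patched"; exit 0 }
            print "vulnerable"; exit 1
        }'
}

# Constructed sample listing (not real system output): the SPARC patch
# is present, but only at revision 20, so the host is still affected.
SAMPLE='Patch: 122793-20 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg'
printf '%s\n' "$SAMPLE" | ce_patch_status sparc || true
```

A host that still runs Communications Express 6 2005Q4 (6.2) will not show these patches at all and reports "vulnerable"; per the note above it must be upgraded to 6.3 before the patch can be applied.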



For more information on Security Sun Alerts, see


References

122793-26
122794-26
122795-26
