SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#114956

Sun ONE and Sun Java System Applications vulnerable to cross-site scripting via default error page

Overview

A cross-site scripting vulnerability in Sun ONE and Sun Java System Applications may allow an attacker to read or modify data in web pages and cookies.

I. Description

From Sun Alert Notification 102164:

    A Cross Site Scripting (XSS) vulnerability in various releases of the Sun Java System Web Server and Sun Java System Application Server may allow an unprivileged local or remote user to steal cookie information, hijack sessions, or cause a loss of data privacy between a client and the server.

Vulnerable web servers do not adequately validate the contents of the HTTP REFERER header before using the contents in the default error page.

Sun states that the following products can be affected:
  • Sun ONE Web Server 6.0 Service Pack 9 and earlier
  • Sun Java System Web Server 6.1 Service Pack 4 and earlier
  • Sun ONE Application Server 7 Platform Edition Update 6 and earlier
  • Sun ONE Application Server 7 Standard Edition Update 6 and earlier
  • Sun Java System Application Server 7 2004Q2 Standard Edition Update 2 and earlier
  • Sun Java System Application Server 7 2004Q2 Enterprise Edition Update 2 and earlier
Sun ONE Web Server is derived from Netscape Enterprise Server. Netscape Enterprise Server was also ported to Novell Netware. Netscape Enterprise Server, iPlanet Web Server, Novell NetWare Enterprise Web Server, and other web servers derived from Netscape Enterprise Server may be affected.

II. Impact

By convincing a user to visit a web page, an attacker could read or modify the contents of web pages on a vulnerable web server. The attacker could read sensitive information, steal cookies, or modify the contents of a web page.

III. Solution

Apply an update

Please see Sun Alert Notification 102164 for information about updated software.

Change default error page

Change the default error page to not include the contents of the REFERER header. Red Hat has kindly provided instructions for changing the default error page on Netscape Enterprise Server 6.0.

Systems Affected

VendorStatusDate NotifiedDate Updated
Netscape Communications CorporationUnknown10-Aug-2006
Novell, Inc.Unknown10-Aug-2006
Red Hat, Inc.Vulnerable10-Aug-2006
Sun Microsystems, Inc.Vulnerable10-Aug-2006

References


http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1
http://jvn.jp/jp/JVN%2303D5EAA8/index.html
http://www.ipa.go.jp/security/vuln/documents/2006/JVN_03D5EAA8_SJSWebServer.html
http://www.cert.org/archive/pdf/cross_site_scripting.pdf
http://secunia.com/advisories/20147/
http://www.auscert.org.au/6341

Credit

Thanks to JPCERT/CC and IPA for reporting this vulnerability.

This document was written by Katie Washok and Art Manion.

Other Information

Date Public:2005-03-08
Date First Published:2006-08-10
Date Last Updated:2006-08-15
CERT Advisory: 
CVE-ID(s):CVE-2006-2501
NVD-ID(s):CVE-2006-2501
US-CERT Technical Alerts: 
Metric:14.50
Document Revision:32

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader