Vulnerability Note VU#114956
Sun ONE and Sun Java System Applications vulnerable to cross-site scripting via default error page
A cross-site scripting vulnerability in Sun ONE and Sun Java System Applications may allow an attacker to read or modify data in web pages and cookies.
From Sun Alert Notification 102164:
Vulnerable web servers do not adequately validate the contents of the HTTP REFERER header before using the contents in the default error page.
A Cross Site Scripting (XSS) vulnerability in various releases of the Sun Java System Web Server and Sun Java System Application Server may allow an unprivileged local or remote user to steal cookie information, hijack sessions, or cause a loss of data privacy between a client and the server.
Sun states that the following products can be affected:
Sun ONE Web Server is derived from Netscape Enterprise Server. Netscape Enterprise Server was also ported to Novell Netware. Netscape Enterprise Server, iPlanet Web Server, Novell NetWare Enterprise Web Server, and other web servers derived from Netscape Enterprise Server may be affected.
- Sun ONE Web Server 6.0 Service Pack 9 and earlier
- Sun Java System Web Server 6.1 Service Pack 4 and earlier
- Sun ONE Application Server 7 Platform Edition Update 6 and earlier
- Sun ONE Application Server 7 Standard Edition Update 6 and earlier
- Sun Java System Application Server 7 2004Q2 Standard Edition Update 2 and earlier
- Sun Java System Application Server 7 2004Q2 Enterprise Edition Update 2 and earlier
By convincing a user to visit a web page, an attacker could read or modify the contents of web pages on a vulnerable web server. The attacker could read sensitive information, steal cookies, or modify the contents of a web page.
Apply an update
Please see Sun Alert Notification 102164 for information about updated software.
Change default error page
Change the default error page to not include the contents of the REFERER header. Red Hat has kindly provided instructions for changing the default error page on Netscape Enterprise Server 6.0.
If you are a vendor and your product is affected, let
|Vendor||Status||Date Notified||Date Updated|
|Red Hat, Inc.||Affected||08 Mar 2005||10 Aug 2006|
|Sun Microsystems, Inc.||Affected||08 Mar 2005||10 Aug 2006|
|Netscape Communications Corporation||Unknown||08 Mar 2005||10 Aug 2006|
|Novell, Inc.||Unknown||08 Mar 2005||10 Aug 2006|
Thanks to JPCERT/CC and IPA for reporting this vulnerability.
This document was written by Katie Washok and Art Manion.
08 Mar 2005
Date First Published:
10 Aug 2006
Date Last Updated:
15 Aug 2006
If you have feedback, comments, or additional information about this vulnerability, please send us email.