A cross-site scripting vulnerability in Sun ONE and Sun Java System Applications may allow an attacker to read or modify data in web pages and cookies.
From Sun Alert Notification 102164:
A Cross Site Scripting (XSS) vulnerability in various releases of the Sun Java System Web Server and Sun Java System Application Server may allow an unprivileged local or remote user to steal cookie information, hijack sessions, or cause a loss of data privacy between a client and the server.
Sun states that the following products can be affected:
By convincing a user to visit a web page, an attacker could read or modify the contents of web pages on a vulnerable web server. The attacker could read sensitive information, steal cookies, or modify the contents of a web page.
Apply an update
Red Hat, Inc.
Sun Microsystems, Inc.
Netscape Communications Corporation
Thanks to JPCERT/CC and IPA for reporting this vulnerability.
This document was written by Katie Washok and Art Manion.
Date First Published: 2006-08-10
Date Last Updated: 2006-08-15 17:46 UTC