Information for VU#225657

Oracle Javadoc HTML frame injection vulnerability



Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Vendor: The Apache Software Foundation

Versions Affected:

Apache OpenOffice 3.4.1 SDK, on all platforms.
Earlier versions may also be affected.


As reported on June 18th there is a vulnerability in JavaDoc generated by Java 5, Java 6 and Java 7 before update 22. Generated JavaDoc files could be susceptible to HTML frame injection attacks. Our investigation indicated that the UDK 3.2.7 Java API Reference in the Apache OpenOffice SDK contains a vulnerable HTML file.

Note: Ordinary installs of OpenOffice are not impacted by this vulnerability. Only installs of the OpenOffice SDK, typically only installed by software developers writing extensions, are impacted.

Vendor References


There are no additional comments at this time.
