
 Sun Java System Access Manager - Cross-site scripting

Thursday, 1 February 2007

Vendor: www.sun.com
Product: Sun Java System Access Manager
Affected versions: 6, 7
Vulnerability: Input validation error
Class: Cross-site scripting

Details:

A cross-site scripting vulnerability in the Sun Java System Access Server may allow an unprivileged remote user to steal cookie information, hijack sessions, or cause a loss of data privacy between a client and the server.

No more information is available.

Solution:

SPARC Platform

  • Sun Java System Access Manager 7 2005Q4 (7.0) (for Solaris 8, 9 and 10) with patch 120954-04 or later
  • Sun Java System Access Manager 6 2005Q1 (6.3) (for Solaris 8, 9 and 10) with patch 119465-09 or later
  • Sun Java System Access Manager 6.2 (for Solaris 8 and 9) with patch 115766-13 or later

x86 Platform

  • Sun Java System Access Manager 7 2005Q4 (7.0) (for Solaris 9 and 10) with patch 120955-04 or later
  • Sun Java System Access Manager 6 2005Q1 (6.3) (for Solaris 8, 9 and 10) with patch 119465-09 or later
  • Sun Java System Access Manager 6.2 (for Solaris 8 and 9) with patch 120091-13 or later

Linux Platform

  • Sun Java System Access Manager 7 2005Q4 (7.0) with patch 120956-04 or later
  • Sun Java System Access Manager 6 2005Q1 (6.3) with patch 119502-09 or later
  • Sun Java System Access Manager 6.2 with patch 119409-13 or later

A final resolution is pending completion (6.1, SPARC).
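
As an added example (not part of the original advisory or any Sun tooling), the script below checks a Solaris patch listing against the minimum revisions listed above. It assumes input in the `Patch: <id>-<rev> ...` line layout printed by `showrev -p`; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare installed Solaris patch revisions with the
# minimums from the advisory's Solution section (SPARC and x86 entries).
REQUIRED_SPARC="120954-04 119465-09 115766-13"
REQUIRED_X86="120955-04 119465-09 120091-13"

# patch_status REQUIRED < listing
# Prints "ok <id>-<rev>" when the highest installed revision meets the
# minimum, "old <id>-<rev>" when it is lower, "absent" when the patch ID
# is not installed. A later patch that obsoletes the ID is not detected.
patch_status() {
    awk -v req="$1" '
        BEGIN { split(req, r, "-"); best = -1 }
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == r[1] && p[2] + 0 > best) best = p[2] + 0
        }
        END {
            if (best < 0) print "absent"
            else printf "%s %s-%02d\n", (best >= r[2] + 0 ? "ok" : "old"), r[1], best
        }'
}

# report "LIST" < listing: one status line per required patch.
report() {
    input=$(cat)
    for req in $1; do
        printf '%s: %s\n' "$req" "$(printf '%s\n' "$input" | patch_status "$req")"
    done
}

# Constructed sample listing (package names and 999999-01 are placeholders).
SAMPLE='Patch: 120954-02 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 119465-09 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg'

printf '%s\n' "$SAMPLE" | report "$REQUIRED_SPARC"
```

On a live host, pipe `showrev -p` into `report` with the list for the platform. Only the row for the installed Access Manager version matters, so "absent" for the other versions' patches is expected; the Linux patches are not covered.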

Advisories:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102621-1


