Summary
This host is running Oracle iPlanet Web Server and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Refer to the link below for updates:
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixSUNS
Insight
- Input passed via the 'helpLogoWidth' and 'helpLogoHeight' parameters to admingui/cchelp2/Masthead.jsp (when 'mastheadTitle' is set) and the 'productNameSrc', 'productNameHeight', and 'productNameWidth' parameters to admingui/version/Masthead.jsp is not properly sanitised before being returned to the user.
- Input passed via the 'appName' and 'pathPrefix' parameters to admingui/cchelp2/Navigator.jsp is not properly sanitised before being returned to the user.
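A log-triage check for the pages and parameters listed above, given as an added example that is not part of the original advisory or of Oracle's fix. The Common Log Format input, the set of flagged characters, and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Path suffix -> parameters the advisory names as returned without sanitisation.
WATCHED = {
    "admingui/cchelp2/Masthead.jsp": {"helpLogoWidth", "helpLogoHeight"},
    "admingui/version/Masthead.jsp": {"productNameSrc", "productNameHeight",
                                      "productNameWidth"},
    "admingui/cchelp2/Navigator.jsp": {"appName", "pathPrefix"},
}
# Assumption: characters that have no place in these values and can alter markup.
MARKUP = set("<>\"'")

SAMPLE_LOG = [  # constructed lines, not taken from a real server
    '192.0.2.10 - - [01/May/2012:10:00:00 +0000] "GET /admingui/cchelp2/Masthead.jsp?mastheadTitle=x&helpLogoWidth=10%22%3E%3Cb%3E HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/May/2012:10:00:05 +0000] "GET /admingui/version/Masthead.jsp?productNameWidth=120&productNameHeight=40 HTTP/1.1" 200 498',
    '192.0.2.12 - - [01/May/2012:10:00:09 +0000] "GET /admingui/cchelp2/Navigator.jsp?appName=help&pathPrefix=%27%3E HTTP/1.1" 200 300',
]

def suspicious_params(request_target):
    """Return sorted (param, decoded_value) pairs worth triage for one request target."""
    parts = urlsplit(request_target)
    watched = next((params for suffix, params in WATCHED.items()
                    if parts.path.endswith(suffix)), None)
    if watched is None:
        return []
    hits = []
    # parse_qsl percent-decodes once; doubly encoded values are not unwrapped here.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in watched and MARKUP & set(value):
            hits.append((name, value))
    return sorted(hits)

def scan_access_log(lines):
    """Yield (line_number, hits) for each log line whose request is flagged."""
    for number, line in enumerate(lines, 1):
        try:
            request = line.split('"')[1]   # e.g. GET /path?query HTTP/1.1
            target = request.split(" ")[1]
        except IndexError:
            continue                        # malformed line, skip it
        hits = suspicious_params(target)
        if hits:
            yield number, hits

if __name__ == "__main__":
    for number, hits in scan_access_log(SAMPLE_LOG):
        print(number, hits)
```

A hit only marks a request for review; whether the server reflected the value depends on whether the update referenced under Solution has been applied.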
Affected
Oracle iPlanet WebServer 7.0
References
Severity
Classification
- CVE: CVE-2012-0516
CVSS Base Score: 6.8
CVSS Base Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache mod_include privilege escalation
- Apache HTTP Server Scoreboard Security Bypass Vulnerability (Windows)
- IBM WebSphere Application Server 'plugin-key.kdb' Information Disclosure Vulnerability
- Apache Traffic Server HTTP TRACE Request Remote DoS Vulnerability
- Codebrws.asp Source Disclosure Vulnerability