Summary
This host is running Sun Java Web Server on Windows, which is prone to a cross-site scripting (XSS) vulnerability.
Impact
Successful exploitation lets attackers execute arbitrary code and gain sensitive information by conducting XSS attacks in the context of an affected site.
Impact Level: System/Application
Solution
Update to Web Server version 6.1 SP11
http://www.sun.com/download/index.jsp
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1
Insight
The flaw is due to an error in the 'Reverse Proxy Plug-in', which does not properly sanitize input data before it is returned to the user. This can be exploited to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.
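A log check for the condition described above, added here as an example and not part of the original advisory or any vendor tooling: it flags 502 responses whose query string contains HTML markup after URL-decoding. The Common Log Format layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumed layout (Common Log Format):
# host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
# Characters that can open a tag or break out of an attribute in HTML
MARKUP = re.compile(r'[<>"\']')

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded markup (%253C) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_502s(lines):
    """Return (client, time, target) for 502 responses whose query carries markup."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, when, _method, target, status = m.groups()
        if status != "502" or "?" not in target:
            continue  # the advisory's condition needs a query string and a 502
        query = target.split("?", 1)[1]
        if MARKUP.search(decode_fully(query)):
            hits.append((client, when, target))
    return hits

# Constructed sample log lines (documentation address ranges, hypothetical paths)
SAMPLE = [
    '192.0.2.10 - - [28/Mar/2017:10:00:01 +0000] "GET /app/item?id=42 HTTP/1.1" 200 512',
    '192.0.2.11 - - [28/Mar/2017:10:00:05 +0000] "GET /app/item?id=42 HTTP/1.1" 502 310',
    '198.51.100.7 - - [28/Mar/2017:10:01:12 +0000] "GET /app/item?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 502 355',
    '198.51.100.7 - - [28/Mar/2017:10:01:20 +0000] "GET /app/item?q=%253Cb%253Ex HTTP/1.1" 502 340',
    '203.0.113.5 - - [28/Mar/2017:10:02:00 +0000] "GET /app/item?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in suspicious_502s(SAMPLE):
        print(hit)
```

A plain 502 with a benign query is not flagged, so ordinary backend outages do not generate alerts; only the combination of a gateway error and markup in the query string does.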
Affected
Sun Java System Web Server versions 6.1 and before 6.1 SP11 on Windows.
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2009-1934
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- @Mail WebMail Email Body HTML Injection Vulnerability
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities