Summary
This host has Sun Java Web Server running on Windows, which is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation lets attackers execute arbitrary code and gain sensitive information by conducting XSS attacks in the context of an affected site.
Impact Level: System/Application
Solution
Update to Web Server version 6.1 SP11
http://www.sun.com/download/index.jsp
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1
Insight
The flaw is due to an error in the 'Reverse Proxy Plug-in', which does not properly sanitize input data before returning it to the user. This can be exploited to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.
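The reflection pattern described above, as an added example (not Sun's code and not part of the original advisory): a gateway error page that echoes the request target, once verbatim and once HTML-encoded, with a small regression check. The page template, function names and probe strings are constructed for illustration.

```python
import html

# Constructed 502 page template; the real plug-in's markup is not on the page.
PAGE = ("<html><body><h1>502 Bad Gateway</h1>"
        "<p>No response from upstream for: {target}</p></body></html>")

# Constructed, harmless markup probes standing in for a hostile query string.
PROBES = ["q=<b>probe-1</b>", 'q="><i>probe-2</i>']


def _target(path: str, query: str) -> str:
    return path + ("?" + query if query else "")


def render_502_unsafe(path: str, query: str) -> str:
    # Flawed pattern: the query string reaches the response body unmodified,
    # so any markup in it becomes part of the error page.
    return PAGE.format(target=_target(path, query))


def render_502_safe(path: str, query: str) -> str:
    # Encode for the HTML context at the point of output; quote=True also
    # covers the case where the value later lands inside an attribute.
    return PAGE.format(target=html.escape(_target(path, query), quote=True))


def unencoded_reflections(render, probes=PROBES, path="/app/status"):
    """Return the probes that come back in the error page without encoding."""
    return [p for p in probes if p in render(path, p)]


if __name__ == "__main__":
    print("unsafe renderer reflects:", unencoded_reflections(render_502_unsafe))
    print("safe renderer reflects:  ", unencoded_reflections(render_502_safe))
```

The same check can run against any error-page renderer in a test suite to confirm that request data is encoded before it is returned.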
Affected
Sun Java System Web Server versions 6.1 and before 6.1 SP11 on Windows.
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2009-1934
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N