Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01)

2008.12.02
Credit: Eduardo Jorge
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


Ogólna skala CVSS: 4.3/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Częściowy
Wpływ na dostępność: Brak

============================== XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) ) ============================== Author: Eduardo Neves a.k.a _eth0_ Date: 10 june 2008 Site: http://webappsecurity.wordpress.com ============================== APPLICATION : Glassfish webadmin interface VERSION : Sun Java System Application Server 9.1_01 (build b09d-fcs) VENDOR : http://www.sun.com DOWNLOAD : https://glassfish.dev.java.net/ ============================== IMPACT: XSS, XSRF, etc. Severity: Low (or not?) ============================== Descrition: This vulnerability was found in Edit HTTP Listener section in Glassfish web admin interface. This is a vulnerable URL: http://[HOSTNAME]:4848/configuration/httpListenerEdit.jsf?name=<script>a lert(document.cookie);</script>&configName=server-config -- |_|0|_| Serrano Neves - a.k.a eth0 |_|_|0| http://webappsecurity.wordpress.com |0|0|0| "Talk is cheap. Show me the code." - Linus Torvalds

Referencje:

http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top