Vulnerability CVE-2003-0413
Published: 2003-06-30   Modified: 2012-02-12

Description:
Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" error, which inserts the text in the resulting error message.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
SUN -> One application server 

 References:
http://marc.info/?l=bugtraq&m=105409846029475&w=2
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57605
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201009-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1
http://www.ciac.org/ciac/bulletins/n-103.shtml
http://www.iss.net/security_center/static/12095.php
http://www.securityfocus.com/bid/7710
http://www.spidynamics.com/sunone_alert.html
Copyright 2024, cxsecurity.com

 

Back to Top