{"vuid":"VU#114956","idnumber":"114956","name":"Sun ONE and Sun Java System Applications vulnerable to cross-site scripting via default error page","keywords":["Sun ONE Web Server","cross-site scripting","css","specially crafted URL","xss","JVN#03D5EAA8"],"overview":"A cross-site scripting vulnerability in Sun ONE and Sun Java System Applications may allow an attacker to read or modify data in web pages and cookies.","clean_desc":"From Sun Alert Notification 102164: A Cross Site Scripting (XSS) vulnerability in various releases of the Sun Java System Web Server and Sun Java System Application Server may allow an unprivileged local or remote user to steal cookie information, hijack sessions, or cause a loss of data privacy between a client and the server. Vulnerable web servers do not adequately validate the contents of the HTTP REFERER header before using the contents in the default error page. Sun states that the following products can be affected: Sun ONE Web Server 6.0 Service Pack 9 and earlier\nSun Java System Web Server 6.1 Service Pack 4 and earlier\nSun ONE Application Server 7 Platform Edition Update 6 and earlier\nSun ONE Application Server 7 Standard Edition Update 6 and earlier\nSun Java System Application Server 7 2004Q2 Standard Edition Update 2 and earlier\nSun Java System Application Server 7 2004Q2 Enterprise Edition Update 2 and earlier\nSun ONE Web Server is derived from Netscape Enterprise Server. Netscape Enterprise Server was also ported to Novell Netware. Netscape Enterprise Server, iPlanet Web Server, Novell NetWare Enterprise Web Server, and other web servers derived from Netscape Enterprise Server may be affected.","impact":"By convincing a user to visit a web page, an attacker could read or modify the contents of web pages on a vulnerable web server. The attacker could read sensitive information, steal cookies, or modify the contents of a web page.","resolution":"Apply an update\nPlease see Sun Alert Notification 102164 for information about updated software.","workarounds":"Change default error page Change the default error page to","sysaffected":"","thanks":"Thanks to JPCERT/CC and IPA for reporting this vulnerability.","author":"This document was written by Katie Washok and Art Manion.","public":["http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1","http://jvn.jp/jp/JVN%2303D5EAA8/index.html","http://www.ipa.go.jp/security/vuln/documents/2006/JVN_03D5EAA8_SJSWebServer.html","http://www.cert.org/archive/pdf/cross_site_scripting.pdf","http://secunia.com/advisories/20147/","http://www.auscert.org.au/6341"],"cveids":["CVE-2006-2501"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2020-05-21T16:14:28.172319Z","publicdate":"2005-03-08T00:00:00Z","datefirstpublished":"2006-08-10T15:53:57Z","dateupdated":"2006-08-15T17:46:52Z","revision":32,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":"N/A","cvss_basevector":"N/A","cvss_temporalscore":"N/A","cvss_environmentalscore":"N/A","cvss_environmentalvector":"N/A","metric":14.503125,"vulnote":null}