Sun Java Web服务器反向代理插件跨站点脚本

软件: Sun Java System Web Server (Sun ONE/iPlanet) 6.x
描述:
漏洞报告了Sun Java系统网络服务器,它可以被恶意人士进行跨网站脚本攻击。

未指定的输入传递给Sun Java系统网络服务器6.1反向代理插件是没有正确地过滤,然后返回给用户。这可以被用来执行任意HTML和脚本代码在用户的浏览器会在背景下,受影响网站。

安全建议:

Apply patches or update to Service Pack 11 or later.
https://cds.sun.com/is-bin/INTERSHOP….Ref=SJWS-6.1-SP11-OTH-G-F@CDS-CDS_SMI

— SPARC Platform —

Sun Java System Web Server 6.1:
Update to Service Pack 11, or apply patch 116648-23 or later.

— x86 Platform —

Sun Java System Web Server 6.1:
Update to Service Pack 11, or apply patch 116649-23 or later.

— Linux —

Sun Java System Web Server 6.1:
Update to Service Pack 11, or apply patch 118202-15 or later.

— Windows —

Sun Java System Web Server 6.1:
Update to Service Pack 11, or apply patch 121524-07 or later.

— HP-UX —

Sun Java System Web Server 6.1:
Update to Service Pack 11, or apply patch 121510-07 or later.

— AIX —

Sun Java System Web Server 6.1:
Update to Service Pack 11 or later.

发表评论?

0 条评论。

发表评论