Sun GlassFish Enterprise Server HTTP Engine/Admin Interface Local Denial of Service Vulnerability

Cause
Design error
 
Affected systems
Sun Glassfish Enterprise Server 2.1
 
Unaffected systems
 
Impact
Remote and local attackers can exploit these issues to carry out cross-site scripting and denial-of-service attacks.
 
Attack prerequisites
The attacker must be able to reach the Sun GlassFish Enterprise Server.
 
Vulnerability details
Sun GlassFish Enterprise Server is an open-source, community-developed platform for building and deploying next-generation applications and services.
The HTTP engine and administration interface of Sun GlassFish Enterprise Server contain multiple security issues that remote and local attackers can exploit for cross-site scripting and denial of service:
- A remote, unprivileged user can execute JavaScript in the browser session of an authenticated user, which may disclose sensitive information.
- A local, privileged user can consume large amounts of system resources, causing a denial of service.
 
Test method
 
Vendor solution
Apply the following patches:
Sun Glassfish Enterprise Server 2.1
Sun 128640-10 (SPARC): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-128640-10-1
Sun 128641-10 (x86): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-128641-10-1
Sun 128642-10 (Linux): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-128642-10-1
Sun 128643-10 (SPARC): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-128643-10-1
Sun 128644-10 (x86): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-128644-10-1
Sun 128645-10 (Linux): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-128645-10-1
Sun 128646-10 (Windows): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-128646-10-1
Sun 128647-10 (SPARC): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-128647-10-1
Sun 128648-10 (x86): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-128648-10-1
Sun 128649-10 (Linux): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-128649-10-1
Sun 128650-10 (Windows): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-128650-10-1
Sun 137916-09 (AIX): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-137916-09-1
Sun 141700-01 (SPARC): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-141700-01-1
Sun 141701-01 (x86): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-141701-01-1
Sun 141702-01 (Linux): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-141702-01-1
Sun 141703-01 (Windows): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-141703-01-1
Sun 141704-01 (SPARC): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-141704-01-1
Sun 141705-01 (x86): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-141705-01-1
Sun 141706-01 (Linux): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-141706-01-1
Sun 141707-01 (Windows): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-141707-01-1
Sun 141708-01 (AIX): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-141708-01-1
Sun 141709-01 (SPARC): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-141709-01-1
Sun 141710-01 (x86): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-141710-01-1
Sun 141711-01 (Linux): http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-141711-01-1
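The following is an added example, not part of the Sun Alert or of the GlassFish product. It checks the Solaris (SPARC and x86) patch IDs from the list above against the output of the Solaris `showrev -p` command, accepting any revision equal to or later than the one listed, since a later revision of the same patch base supersedes it. The Linux, Windows and AIX entries in the list are not Solaris patches and cannot be checked this way, so they are left out. The `showrev` output embedded in the block is constructed, not captured from a real host; the patch base numbers come from the advisory.

```python
"""Patch-level check for the Solaris patches listed in the advisory.

Added example, not part of the Sun Alert. It parses `showrev -p` output
and reports, for each required patch ID, whether an equal or newer
revision of that patch base is installed on the host.
"""
import re
import subprocess

# Solaris patch IDs from the advisory, in <base>-<revision> form. The listed
# revision is the minimum acceptable one; a later revision supersedes it.
REQUIRED_PATCHES = [
    "128640-10", "128641-10", "128643-10", "128644-10", "128647-10", "128648-10",
    "141700-01", "141701-01", "141704-01", "141705-01", "141709-01", "141710-01",
]

# `showrev -p` prints one line per installed patch, starting with
# "Patch: <base>-<rev>"; the remainder of the line is ignored here.
PATCH_RE = re.compile(r"^Patch:\s+(\d{6})-(\d{2})\b")

# Constructed sample output (not from a real host): one unrelated patch, one
# advisory patch at an older revision, one at exactly the required revision.
SAMPLE_SHOWREV = """\
Patch: 123456-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWdummy
Patch: 128640-09 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWdummyA
Patch: 141700-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWdummyB
"""


def parse_showrev(output):
    """Map each installed patch base to the highest revision listed for it."""
    installed = {}
    for line in output.splitlines():
        m = PATCH_RE.match(line)
        if m:
            base, rev = m.group(1), int(m.group(2))
            installed[base] = max(installed.get(base, 0), rev)
    return installed


def check_patch_levels(output, required=REQUIRED_PATCHES):
    """Classify each required patch as ok, outdated or absent.

    'absent' is not proof of exposure: the patch may be for the other
    architecture or for a product component not installed on this host.
    'outdated' means the base is installed but below the required revision.
    """
    installed = parse_showrev(output)
    result = {"ok": [], "outdated": [], "absent": []}
    for patch in required:
        base, rev = patch.split("-")
        have = installed.get(base)
        if have is None:
            result["absent"].append(patch)
        elif have < int(rev):
            result["outdated"].append((patch, f"{base}-{have:02d}"))
        else:
            result["ok"].append(patch)
    return result


def live_showrev():
    """Return the real `showrev -p` output of the current host (Solaris only)."""
    return subprocess.run(["showrev", "-p"], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    # Replace SAMPLE_SHOWREV with live_showrev() to check a real Solaris host.
    report = check_patch_levels(SAMPLE_SHOWREV)
    for patch, found in report["outdated"]:
        print(f"OUTDATED {found} installed, {patch} or later required")
    for patch in report["ok"]:
        print(f"OK       {patch}")
    for patch in report["absent"]:
        print(f"ABSENT   {patch} (not installed; may not apply to this host)")
```

An "absent" result needs a second look rather than an alarm: the x86 patches will never appear on a SPARC host, and a base that is missing altogether may belong to a component that was never installed. Only "outdated" is a definite finding.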
 
Reported by
Sun
 
Advisory link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-258528-1
