Sun Java Web Console Cross-Site Scripting Vulnerability

Vulnerability cause
Input validation error
 
Affected systems
Sun Solaris 10_x86
Sun Solaris 10
Sun Java Web Console 3.0.5
Sun Java Web Console 3.0.4
Sun Java Web Console 3.0.3
Sun Java Web Console 3.0.2
 
Unaffected systems
 
Impact
A local or remote unprivileged user can execute arbitrary script code in a user's browser session.
 
Conditions required for attack
The attacker must have access to the Sun Java Web Console.
 
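Vulnerability information
Sun Java Web Console is used to manage the web-based Sun system management applications that are installed and registered on a system.
The Sun Java Web Console contains multiple cross-site scripting issues; a local or remote unprivileged user can execute arbitrary script code in a user's browser session.
No detailed vulnerability information is currently available.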
 
Test method
 
Vendor solution
Refer to the following patches:
Sun Solaris 10
Sun 125952-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125952-19-1
Sun Solaris 10_x86
Sun 125953-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125953-19-1
Sun Java Web Console 3.0.2
Sun 125950-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125950-19-1
Sun 125951-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125951-19-1
Sun 125954-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125954-19-1
Sun 125955-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125955-19-1
Sun 127534-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-127534-19-1
Sun 136986-03
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-136986-03-1
Sun 136987-03
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-136987-03-1
Sun Java Web Console 3.0.3
Sun 125950-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125950-19-1
Sun 125951-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125951-19-1
Sun 125954-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125954-19-1
Sun 125955-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125955-19-1
Sun 127534-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-127534-19-1
Sun Java Web Console 3.0.4
Sun 125950-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125950-19-1
Sun 125951-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125951-19-1
Sun 125954-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125954-19-1
Sun 125955-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125955-19-1
Sun 127534-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-127534-19-1
Sun Java Web Console 3.0.5
Sun 125950-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125950-19-1
Sun 125951-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125951-19-1
Sun 125954-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125954-19-1
Sun 125955-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125955-19-1
Sun 127534-19
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-127534-19-1
 
Vulnerability reported by
Luca Carettoni