Sun ONE/Sun Java System 应用程序错误页跨站脚本攻击漏洞

CNNVD-ID编号	CNNVD-200605-358	CVE编号	CVE-2006-2501
发布时间	2006-05-19	更新时间	2006-10-31
漏洞类型	跨站脚本	漏洞来源	N/A
危险等级	中危	威胁类型	远程
厂商	sun

漏洞介绍

Sun ONE Web Server 6.0 SP9及之前版本, Java System Web Server 6.1 SP4及之前版本, Sun ONE Application Server 7 Platform和Standard Edition Update 6及之前版本 , 以及Java System Application Server 7 2004Q2 Standard和Enterprise Edition Update 2及之前版本存在跨站脚本攻击(XSS)漏洞。远程攻击者可以借助可能与错误讯息有关的未知攻击向量，注入任意Web脚本或HTML。

漏洞补丁

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接： Sun ONE Web Server 6.0 SP5 Sun Sun ONE Web Server 6.0 Service Pack 10 http://www.sun.com/download/products.xml?id=43a84f89 Sun ONE Web Server 6.0 SP9 Sun Sun ONE Web Server 6.0 Service Pack 10 http://www.sun.com/download/products.xml?id=43a84f89 Sun ONE Web Server 6.0 SP4 Sun Sun ONE Web Server 6.0 Service Pack 10 http://www.sun.com/download/products.xml?id=43a84f89 Sun ONE Web Server 6.0 SP7 Sun Sun ONE Web Server 6.0 Service Pack 10 http://www.sun.com/download/products.xml?id=43a84f89 Sun ONE Web Server 6.0 SP6 Sun Sun ONE Web Server 6.0 Service Pack 10 http://www.sun.com/download/products.xml?id=43a84f89 Sun ONE Web Server 6.0 Sun Sun ONE Web Server 6.0 Service Pack 10 http://www.sun.com/download/products.xml?id=43a84f89 Sun ONE Web Server 6.0 SP2 Sun Sun ONE Web Server 6.0 Service Pack 10 http://www.sun.com/download/products.xml?id=43a84f89 Sun ONE Web Server 6.0 SP3 Sun Sun ONE Web Server 6.0 Service Pack 10 http://www.sun.com/download/products.xml?id=43a84f89 Sun ONE Web Server 6.0 SP8 Sun Sun ONE Web Server 6.0 Service Pack 10 http://www.sun.com/download/products.xml?id=43a84f89 Sun ONE Web Server 6.0 SP1 Sun Sun ONE Web Server 6.0 Service Pack 10 http://www.sun.com/download/products.xml?id=43a84f89 Sun Java System Web Server 6.1 SP4 Sun Sun Java System Web Server 6.1 Service Pack 5 http://www.sun.com/download/products.xml?id=434aec1d Sun Java System Web Server 6.1 SP3 Sun Sun Java System Web Server 6.1 Service Pack 5 http://www.sun.com/download/products.xml?id=434aec1d Sun Java System Web Server 6.1 SP1 Sun Sun Java System Web Server 6.1 Service Pack 5 http://www.sun.com/download/products.xml?id=434aec1d Sun Java System Web Server 6.1 SP2 Sun Sun Java System Web Server 6.1 Service Pack 5 http://www.sun.com/download/products.xml?id=434aec1d Sun Java System Web Server 6.1 Sun Sun Java System Web Server 6.1 Service Pack 5 http://www.sun.com/download/products.xml?id=434aec1d Sun ONE Application Server 7.0 UR1 Platform Edition Sun Sun ONE Application Server 7 Platform Edition Update 7 http://www.sun.com/download/products.xml?id=42ae3178 Sun ONE Application Server 7.0 UR2 Standard Edition Sun Sun ONE Application Server 7 Standard Edition Update 7 http://www.sun.com/download/products.xml?id=42ae317c Sun ONE Application Server 7.0 Standard Edition Sun Sun ONE Application Server 7 Standard Edition Update 7 http://www.sun.com/download/products.xml?id=42ae317c Sun Java System Application Server 7.0 2004Q2 R2 Standard Sun Sun Java System Application Server 7 2004Q2 Standard Edition Update 3 http://www.sun.com/download/products.xml?id=4331ff42 Sun Java System Application Server 7.0 2004Q2 R2 Enterprise Sun Sun Java System Application Server 7 2004Q2 Enterprise Edition Update 3 http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=8&PartDetailId =SJAS72004Q2U4-EE-OTH-G-ES&TransactionId=try Sun ONE Application Server 7.0 UR6 Standard Edition Sun Sun ONE Application Server 7 Standard Edition Update 7 http://www.sun.com/download/products.xml?id=42ae317c Sun ONE Application Server 7.0 Platform Edition Sun Sun ONE Application Server 7 Platform Edition Update 7 http://www.sun.com/download/products.xml?id=42ae3178 Sun ONE Application Server 7.0 UR2 Platform Edition Sun Sun ONE Application Server 7 Platform Edition Update 7 http://www.sun.com/download/products.xml?id=42ae3178 Sun Java System Application Server 7.0 2004Q2 R1Enterprise Sun Sun Java System Application Server 7 2004Q2 Enterprise Edition Update 3 http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=8&PartDetailId =SJAS72004Q2U4-EE-OTH-G-ES&TransactionId=try Sun ONE Application Server 7.0 UR6 Platform Edition Sun Sun ONE Application Server 7 Platform Edition Update 7 http://www.sun.com/download/products.xml?id=42ae3178 Sun Java System Application Server 7.0 2004Q2 R1Standard Sun Sun Java System Application Server 7 2004Q2 Standard Edition Update 3 http://www.sun.com/download/products.xml?id=4331ff42 Sun ONE Application Server 7.0 UR2 Upgrade Platform Sun Sun ONE Application Server 7 Platform Edition Update 7 http://www.sun.com/download/products.xml?id=42ae3178 Sun ONE Application Server 7.0 UR2 Upgrade Standard Sun Sun ONE Application Server 7 Standard Edition Update 7 http://www.sun.com/download/products.xml?id=42ae317c Sun ONE Application Server 7.0 UR1 Standard Edition Sun Sun ONE Application Server 7 Standard Edition Update 7 http://www.sun.com/download/products.xml?id=42ae317c

参考网址

来源: US-CERT

名称: VU#114956

链接：http://www.kb.cert.org/vuls/id/114956
来源: VUPEN

名称: ADV-2006-1866

链接：http://www.frsirt.com/english/advisories/2006/1866
来源: SUNALERT

名称: 102164

链接：http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1
来源: SECUNIA

名称: 20147

链接：http://secunia.com/advisories/20147
来源: JVN

名称: JVN#03D5EAA8

链接：http://jvn.jp/jp/JVN%2303D5EAA8/index.html
来源: XF

名称: sun-java-system-xss(26550)

链接：http://xforce.iss.net/xforce/xfdb/26550
来源: BID

名称: 18035

链接：http://www.securityfocus.com/bid/18035
来源: SECTRACK

名称: 1016126

链接：http://securitytracker.com/id?1016126

受影响实体

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-358

Sun ONE/Sun Java System 应用程序错误页跨站脚本攻击漏洞

漏洞介绍

漏洞补丁

参考网址

受影响实体

信息来源

查询漏洞

相关漏洞

支持服务

云学院

合作与生态

Sun ONE/Sun Java System 应用程序错误页 跨站脚本攻击漏洞

漏洞介绍

漏洞补丁

参考网址

受影响实体

信息来源

查询漏洞

相关漏洞

Sun ONE/Sun Java System 应用程序错误页跨站脚本攻击漏洞