This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.
The remote web server is running a web application that is affected by
a cross-site scripting vulnerability.
The remote web server contains a web application built using Woodstock
components, which are user interface components for the web- based on
Java Server Faces and AJAX. Woodstock is part of Sun Glassfish
Enterprise Server and can also be used with other Java web containers,
such as JBoss, Tomcat, and WebLogic.
The version of Woodstock in use fails to properly sanitize user-
supplied URI data when generating 404 error page. By sending UTF-7
encoded URIs to the affected application, an attacker could launch
cross-site scripting attacks.
Note that this attack only works if the victim configures their
browser to auto-detect encoding, and the browser recognizes UTF-7.
See also :
Download the latest Woodstock sources from CVS.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 38733 ()
Bugtraq ID: 3482934914
CVE ID: CVE-2009-1554
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.