CVE-2007-3503

MEDIUM

Description

The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

http://dev2dev.bea.com/pub/advisory/248

http://docs.info.apple.com/article.html?artnum=307177

http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

http://osvdb.org/36488

http://secunia.com/advisories/25769

http://secunia.com/advisories/26314

http://secunia.com/advisories/26369

http://secunia.com/advisories/26631

http://secunia.com/advisories/26645

http://secunia.com/advisories/26933

http://secunia.com/advisories/27203

http://secunia.com/advisories/28115

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1

http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml

http://www.redhat.com/support/errata/RHSA-2007-0818.html

http://www.redhat.com/support/errata/RHSA-2007-0829.html

http://www.redhat.com/support/errata/RHSA-2007-0956.html

http://www.securityfocus.com/bid/24690

http://www.securitytracker.com/id?1018327

http://www.vupen.com/english/advisories/2007/2383

http://www.vupen.com/english/advisories/2007/3009

http://www.vupen.com/english/advisories/2007/4224

https://exchange.xforce.ibmcloud.com/vulnerabilities/35168

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10704

Details

Source: MITRE

Published: 2007-06-30

Updated: 2018-10-26

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 63843 | RHEL 4 : java-1.5.0-sun (RHSA-2007:0818) | Nessus | Red Hat Local Security Checks | high |
| 60344 | Scientific Linux Security Update : jdk (java) on SL3.x, SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60316 | Scientific Linux Security Update : jdk (java) on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 40708 | RHEL 4 / 5 : java-1.5.0-bea (RHSA-2007:0956) | Nessus | Red Hat Local Security Checks | high |
| 40706 | RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2007:0829) | Nessus | Red Hat Local Security Checks | critical |
| 29702 | Mac OS X : Java for Mac OS X 10.4 Release 6 | Nessus | MacOS X Local Security Checks | critical |
| 26117 | GLSA-200709-15 : BEA JRockit: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |