CVE-2009-2268

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

http://secunia.com/advisories/35651

http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-256568-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020343.1-1

Details

Source: MITRE

Published: 2009-07-01

Updated: 2010-05-25

Type: CWE-79

Risk Information

CVSS v2

Base Score: 2.6

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 4.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:java_system_access_manager:6:*:*:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_10_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_10_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_8_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_8_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_9_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_9_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:hp-ux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:solaris10_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:solaris9_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:windows:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:*:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:linux:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_x86:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_sparc:*:*:*:*:*

cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_sparc:*:*:*:*:*

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
107950Solaris 10 (x86) : 126357-06NessusSolaris Local Security Checks
critical
107871Solaris 10 (x86) : 120955-12NessusSolaris Local Security Checks
critical
107821Solaris 10 (x86) : 119465-17NessusSolaris Local Security Checks
medium
107450Solaris 10 (sparc) : 126356-06NessusSolaris Local Security Checks
critical
107369Solaris 10 (sparc) : 120954-12NessusSolaris Local Security Checks
critical
107318Solaris 10 (sparc) : 119465-17NessusSolaris Local Security Checks
medium
44085Solaris 5.9 (x86) : 126356-03NessusSolaris Local Security Checks
critical
38126Solaris 10 (x86) : 120955-12 (deprecated)NessusSolaris Local Security Checks
critical
38005Solaris 9 (x86) : 120955-12NessusSolaris Local Security Checks
critical
37533Solaris 9 (sparc) : 120954-12NessusSolaris Local Security Checks
critical
37271Solaris 8 (sparc) : 120954-12NessusSolaris Local Security Checks
critical
36756Solaris 10 (sparc) : 120954-12 (deprecated)NessusSolaris Local Security Checks
critical
30014Solaris 5.9 (x86) : 126357-03NessusSolaris Local Security Checks
critical
30013Solaris 5.9 (sparc) : 126356-03NessusSolaris Local Security Checks
critical
30012Solaris 5.8 (x86) : 126357-03NessusSolaris Local Security Checks
critical
30011Solaris 5.8 (sparc) : 126356-03NessusSolaris Local Security Checks
critical
30010Solaris 5.10 (x86) : 126357-03NessusSolaris Local Security Checks
critical
30007Solaris 5.10 (sparc) : 126356-03NessusSolaris Local Security Checks
critical
23611Solaris 9 (x86) : 119465-17NessusSolaris Local Security Checks
medium
23553Solaris 9 (sparc) : 119465-17NessusSolaris Local Security Checks
medium
23466Solaris 8 (x86) : 119465-17NessusSolaris Local Security Checks
medium
23415Solaris 8 (sparc) : 119465-17NessusSolaris Local Security Checks
medium
22989Solaris 10 (x86) : 119465-17 (deprecated)NessusSolaris Local Security Checks
medium
22956Solaris 10 (sparc) : 119465-17 (deprecated)NessusSolaris Local Security Checks
medium