Sun Secure Global Desktop / Tarantella < 4.20.983 Multiple XSS

medium Nessus Network Monitor Plugin ID 3760

Synopsis

The remote web server contains CGI scripts that are vulnerable to cross-site scripting attacks.

Description

The remote web server contains a CGI script used by Sun Secure Global Desktop or Tarantella, a Java-based program for web-enabling applications running on a variety of platforms. According to the version reported in one of its scripts, the installation of the software on the remote host fails to sanitize user-supplied input to several unspecified parameters before using it to generate dynamic web content. An unauthenticated remote attacker may be able to leverage these issues to inject arbitrary HTML and script code into a user's browser to be evaluated within the security context of the affected web site.

Solution

Upgrade to version 4.20.983 or higher.

See Also

http://www.securityfocus.com/archive/1/446566/30/0/threaded

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102650-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102650-1&searchclause=

Plugin Details

Severity: Medium

ID: 3760

Family: Generic

Published: 10/2/2006

Updated: 3/6/2019

Nessus ID: 22495

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:sun:secure_global_desktop

Reference Information

CVE: CVE-2006-4958, CVE-2006-4959

BID: 20135, 20276