TITLE:
Sun Java System Application Server Cross-Site Scripting

SECUNIA ADVISORY ID:
SA14677

VERIFY ADVISORY:
http://secunia.com/advisories/14677/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
Sun Java System Application Server (Sun ONE) 7.x
http://secunia.com/product/1534/

DESCRIPTION:
Eric Hobbs has reported a vulnerability in Sun Java System
Application Server, which can be exploited by malicious people to
conduct cross-site scripting attacks.

The vulnerability is caused due to an unspecified input validation
error and can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of a vulnerable site.

The following versions are affected:
* Sun Java System Application Server Standard Edition 7 Update
  Release 5 and prior
* Sun Java System Application Server Platform Edition 7 Update
  Release 5 and prior
* Sun Java System Application Server 7 2004Q2 Standard Edition
  Update Release 1 and prior
* Sun Java System Application Server 7 2004Q2 Enterprise Edition
  Update Release 1 and prior

SOLUTION:
The vendor has issued updated versions.

Sun Java System Application Server 7 Standard Edition Update 6:
http://www.sun.com/download/products.xml?id=41c239a4

Sun Java System Application Server 7 Platform Edition Update 6:
http://www.sun.com/download/products.xml?id=41c374e2

Sun Java System Application Server 7 2004Q2 Standard Edition Update 2:
http://www.sun.com/download/products.xml?id=41e32dfb

Sun Java System Application Server 7 2004Q2 Enterprise Edition Update 2:
https://osc-amer.sun.com/OSCSW/svcportal?pageName=clselection

PROVIDED AND/OR DISCOVERED BY:
Eric Hobbs, MagnaWare.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57742-1