Vulnerability Name:

CVE-2007-0628 (CCN-31936)

Assigned:2007-01-29
Published:2007-01-29
Updated:2017-07-29
Summary:Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter.
Note: some of these details are obtained from third party information.
CVSS v3 Severity:4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-0628

Source: OSVDB
Type: UNKNOWN
33010

Source: CCN
Type: SA23979
Sun Java System Access Manager Cross-Site Scripting

Source: SECUNIA
Type: Vendor Advisory
23979

Source: CCN
Type: SECTRACK ID: 1017570
Sun Java System Access Manager Input Validation Holes in `goto` and `gx-charset` Parameters Permit Cross-Site Scripting Attacks

Source: SECTRACK
Type: UNKNOWN
1017570

Source: CCN
Type: Sun Alert ID: 102621
Cross-site Scripting Vulnerability in Sun Java System Access Manager

Source: SUNALERT
Type: UNKNOWN
102621

Source: CCN
Type: ASA-2007-050
Cross-site Scripting Vulnerability in Sun Java System Access Manager (Sun 102621)

Source: CCN
Type: OSVDB ID: 33010
Sun Java System Access Manager Multiple XSS

Source: BID
Type: Patch
22302

Source: CCN
Type: BID-22302
Sun Java System Access Manager Undisclosed Cross-Site Scripting Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-0411

Source: XF
Type: UNKNOWN
java-access-server-unspecified-xss(31936)

Source: XF
Type: UNKNOWN
java-access-server-unspecified-xss(31936)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sun:java_system_access_manager:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_access_manager:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_access_manager:6.3:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_access_manager:7.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:sun:java_system_access_manager:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_access_manager:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_access_manager:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_access_manager:6.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sun java system access manager 6.1
    sun java system access manager 6.2
    sun java system access manager 6.3
    sun java system access manager 7.0
    sun java system access manager 7.0
    sun java system access manager 6.1
    sun java system access manager 6.2
    sun java system access manager 6.3