Vulnerability Name: CVE-2008-2751 (CCN-42989)
Assigned: 2008-06-11
Published: 2008-06-11
Updated: 2018-10-11
Summary: Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, or (4) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (a) resourceNode/customResourceNew.jsf; the (5) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (6) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (7) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, (8) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiLookupProp:jndiLookup, or (9) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (b) resourceNode/externalResourceNew.jsf; the (10) propertyForm:propertySheet:propertSectionTextField:jndiProp:Jndi, (11) propertyForm:propertySheet:propertSectionTextField:nameProp:name, or (12) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (c) resourceNode/jmsDestinationNew.jsf; the (13) propertyForm:propertySheet:generalPropertySheet:jndiProp:Jndi or (14) propertyForm:propertySheet:generalPropertySheet:descProp:cd parameter to (d) resourceNode/jmsConnectionNew.jsf; the (15) propertyForm:propertySheet:propertSectionTextField:jndiProp:jnditext or (16) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (e) resourceNode/jdbcResourceNew.jsf; the (17) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:nameProp:name, (18) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:classNameProp:classname, or (19) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:loadOrderProp:loadOrder parameter to (f) applications/lifecycleModulesNew.jsf; or the (20) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:jndiProp:name, (21) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:resTypeProp:resType, or (22) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:dbProp:db parameter to (g) resourceNode/jdbcConnectionPoolNew1.jsf.
CVSS v3 Severity:
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2008-2751
Source: CCN Type: SA30604 GlassFish Administration Console Cross-Site Scripting Vulnerability
Source: SREASON Type: UNKNOWN 3949
Source: CCN Type: WEBAPPSECURITY'S WEBLOG, June 11, 2008, 2:19 am XSS - Glassfish Web Admin Interface (Sun Java System Application
Source: CCN Type: OSVDB ID: 46074 GlassFish Administration Console for Sun Java System Application Server configuration/httpListenerEdit.jsf name Parameter XSS
Source: CCN Type: OSVDB ID: 46724 GlassFish Application Server resourceNode/customResourceNew.jsf Multiple Parameter XSS
Source: CCN Type: OSVDB ID: 46725 GlassFish Application Server resourceNode/externalResourceNew.jsf Multiple Parameter XSS
Source: CCN Type: OSVDB ID: 46726 GlassFish Application Server resourceNode/jmsDestinationNew.jsf Multiple Parameter XSS
Source: CCN Type: OSVDB ID: 46727 GlassFish Application Server resourceNode/jmsConnectionNew.jsf Multiple Parameter XSS
Source: CCN Type: OSVDB ID: 46728 GlassFish Application Server resourceNode/jdbcResourceNew.jsf Multiple Parameter XSS
Source: CCN Type: OSVDB ID: 46729 GlassFish Application Server applications/lifecycleModulesNew.jsf Multiple Parameter XSS
Source: CCN Type: OSVDB ID: 46730 GlassFish Application Server resourceNode/jdbcConnectionPoolNew1.jsf Multiple Parameter XSS
Source: BUGTRAQ Type: UNKNOWN 20080614 Muitiple XSS - Glassfish Web Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )
Source: CCN Type: BID-29646 Sun Glassfish 'name' Parameter Cross Site Scripting Vulnerability
Source: BID Type: UNKNOWN 29751
Source: CCN Type: BID-29751 Sun Glassfish Multiple Cross Site Scripting Vulnerabilities
Source: XF Type: UNKNOWN glassfish-multiple-scripts-xss(42989)
Source: CCN Type: GlassFish Web site glassfish: GlassFish - Open Source Application Server