XSS in Sun Java_system_web_server

CVE-2009-1934

Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gate…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.022 (80.5th percentile) — read the EPSS interpretation.

Affected products

Sun Java_system_web_server — versions 6.1
Sun One_web_server — versions 6.1
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cve@mitre.org (vendor-advisory, Patch, x_refsource_SUNALERT, Vendor Advisory)
cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (x_refsource_CONFIRM, Patch)
cve@mitre.org (vdb-entry, x_refsource_VUPEN)
cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_CONFIRM)