Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:JAVA-EXPRESS-HTML-INJ |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Sun Java System Communications Express HTML Injection |
Release Date |
2013/06/05 |
Update Number |
2270 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Sun Java System Communications Express HTML Injection
This signature detects attempts to exploit a known vulnerability in the Sun Java System Communications Express. Attackers can create malicious Web pages containing dangerous web script or HTML, which if accessed by a victim, can allow the attacker to gain control of the victim's client browser.
Extended Description
Sun Java System Communications Express is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. We don't know which versions of Java System Communications Express are affected. We will update this BID when more details emerge.
Affected Products
- Sun java_system_communications_express 6.2
- Sun java_system_communications_express 6.3
- Sun java_system_communications_express
References
- BugTraq: 34083
- CVE: CVE-2009-0877