CIA Security Research, Security Alerts, Security Tools for Application Security

- Top Vulnerabilities

- Resources

- Alerts

- Disclosure Guidelines

- Library Updates

- Cenzic Newsletter

- White Paper Download

CIA RESEARCH

Alerts

[CIA-1056-Alert] Sun ONE and Sun Java System Application Server Cross-Site Scripting

Summary:

Versions of Sun ONE and the Sun Java System Application server allow cross-site scripting attacks.

Technical Details:

Sun ONE server version 7 prior to update 9 is susceptible to Cross-site Scripting

Multiple versions of the Java System Application Server and Enterprise Edition are affected, and the patches have been released for all affected platforms. The folowing security fixes have been released:

SPARC
Sun Java System Application Server 7 2004Q2 Update 5 or later
Sun Java System Application Server Enterprise Edition 8.1 2005Q1 with (file based) patch 119169-08 or later
Sun Java System Application Server Enterprise Edition 8.1 2005Q1 with (SVR4) patch 119166-16 or later

x86
Sun Java System Application Server 7 2004Q2 Update 5 or later
Sun Java System Application Server Enterprise Edition 8.1 2005Q1 with (file based) patch 119170-08 or later
Sun Java System Application Server Enterprise Edition 8.1 2005Q1 with (SVR4) patch 119167-16 or later

LINUX
Sun Java System Application Server 7 2004Q2 Update 5 or later
Sun Java System Application Server Enterprise Edition 8.1 2005Q1 with (file based) patch 119171-08 or later
Sun Java System Application Server Enterprise Edition 8.1 2005Q1 with RHEL2.1/RHEL3.0 (Pkg_patch) 119168-16 or later

Windows
Sun Java System Application Server 7 2004Q2 Update 5 or later
Sun Java System Application Server Enterprise Edition 8.1 2005 Q1 with (file based) patch 119172-08

Consult the vendor security advisory for additional information.

Solution:

Sun Alert 102479

CVE Reference:

GENERIC-MAP-NOMATCH

SecurityTracker Number(s):

1016378

Vendor URL:

www.sun.com

About the Cenzic CIA Team:

Cenzic Intelligent Analysis (CIA) is Cenzic's research arm that focuses on continuous research for application vulnerabilities. Industry Research, Vulnerability assessment, penetration testing, and security testing - that's what Cenzic Intelligent Analysis Research is all about. Cenzic has dedicated experts whose sole job is to perform ongoing research to find not only common vulnerabilities but also vulnerabilities found in customer applications and make them available to our customers and to the community at large.

About Cenzic:

Cenzic provides Hailstorm® the revolutionary enterprise software suite for automated application security assessment and compliance that allows corporations and government organizations to dramatically improve the security of commercial and custom applications. Hailstorm enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities, and verify compliance with security policies. Benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic's customers are currently in the financial services and e-marketplaces sectors. For more information visit www.cenzic.com or call 1-866-4-CENZIC


>	Datasheet: Hailstorm Enterprise ARC
>	Datasheet: Hailstorm Pro
>	Datasheet: Hailstorm Starter
>	Datasheet: Hailstorm Core
>	White Paper: Beyond Simple Vulnerabilities Scanning
>	White Paper: Cross Frame Scripting
>	White Paper: Cenzic Imperative Assessment Plan
>	White Paper: Enabling Security in the Software Development Lifecycle (PDF)