CVE-2009-1553 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf.
Reference
http://dsecrg.com/pages/vul/show.php?id=134
http://jvn.jp/en/jp/JVN73653977/index.html
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html
http://osvdb.org/54249
http://osvdb.org/54250
http://osvdb.org/54251
http://osvdb.org/54252
http://osvdb.org/54253
http://osvdb.org/54254
http://osvdb.org/54255
http://osvdb.org/54256
http://osvdb.org/54257
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258528-1
http://www.nabble.com/-DSECRG–Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html
http://www.nabble.com/Re:–DSECRG–Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html
http://www.securityfocus.com/archive/1/503236/100/0/threaded
http://www.securityfocus.com/bid/34824
http://www.securityfocus.com/bid/34914
http://www.vupen.com/english/advisories/2009/1255
https://exchange.xforce.ibmcloud.com/vulnerabilities/50453
https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29668
https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29669
https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29675