CVE-2009-1554 Information

Feb 14, 2021 cve

Description

Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2 as used in Sun GlassFish Enterprise Server and other products allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO which is displayed on the 404 error page as demonstrated by the PATH_INFO to theme/META-INF.

Reference

http://dsecrg.com/pages/vul/show.php?id=138 http://osvdb.org/54220 http://secunia.com/advisories/35006 http://www.nabble.com/-DSECRG–Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html http://www.nabble.com/Re:–DSECRG–Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html http://www.securityfocus.com/archive/1/503239/100/0/threaded http://www.securityfocus.com/bid/34829 https://exchange.xforce.ibmcloud.com/vulnerabilities/50336 https://woodstock.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=4041

Share on: