CVE-2009-1553: XSS
First published: Wed May 06 2009(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GlassFish | =2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://dsecrg.com/pages/vul/show.php?id=134
- http://jvn.jp/en/jp/JVN73653977/index.html
- http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html
- http://osvdb.org/54249
- http://osvdb.org/54250
- http://osvdb.org/54251
- http://osvdb.org/54252
- http://osvdb.org/54253
- http://osvdb.org/54254
- http://osvdb.org/54255
- http://osvdb.org/54256
- http://osvdb.org/54257
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-258528-1
- http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html
- http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html
- http://www.securityfocus.com/archive/1/503236/100/0/threaded
- http://www.securityfocus.com/bid/34824
- http://www.securityfocus.com/bid/34914
- http://www.vupen.com/english/advisories/2009/1255
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50453
- https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29668
- https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29669
- https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29675
Frequently Asked Questions
What is the severity of CVE-2009-1553?
CVE-2009-1553 has a medium severity level due to its potential for cross-site scripting attacks.
How do I fix CVE-2009-1553?
To fix CVE-2009-1553, apply the latest patches provided by Oracle for GlassFish Server version 2.1.
What software is affected by CVE-2009-1553?
CVE-2009-1553 affects Oracle GlassFish Server version 2.1.
What types of vulnerabilities are present in CVE-2009-1553?
CVE-2009-1553 features multiple cross-site scripting (XSS) vulnerabilities.
Can CVE-2009-1553 lead to data theft?
Yes, CVE-2009-1553 can potentially lead to data theft through malicious script injection.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/oracle
- canonical/glassfish
- version/glassfish/2.1