First published: Mon Oct 14 2013(Updated: )
A flaw was found in the way javadoc (the Java API Documentation Generator) created the JavaScript code used to set the browser window title when navigating between pages of the generated API documentation. User input was not properly escaped before being used as part of a JavaScript string. A specially crafted input could "break out" of the JS string and execute arbitrary JavaScript in the context of the domain that hosts the generated API documentation, allowing Cross-Site Scripting (XSS) attacks. Because the flawed script is part of the generated pages, documentation produced by an affected javadoc presumably stays exposed until it is regenerated with a fixed version, so updating the JDK alone may not be enough.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/icedtea | <2.4.3 | 2.4.3 |
redhat/icedtea | <1.11.14 | 1.11.14 |
redhat/icedtea | <1.12.7 | 1.12.7 |
redhat/java | <1.6.0-sun-1:1.6.0.75-1jpp.3.el5_10 | 1.6.0-sun-1:1.6.0.75-1jpp.3.el5_10 |
redhat/java | <1.6.0-sun-1:1.6.0.75-1jpp.1.el6_5 | 1.6.0-sun-1:1.6.0.75-1jpp.1.el6_5 |
redhat/java | <1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10 | 1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10 |
redhat/java | <1.6.0-openjdk-1:1.6.0.0-1.42.1.11.14.el5_10 | 1.6.0-openjdk-1:1.6.0.0-1.42.1.11.14.el5_10 |
redhat/java | <1.7.0-openjdk-1:1.7.0.45-2.4.3.2.el6_4 | 1.7.0-openjdk-1:1.7.0.45-2.4.3.2.el6_4 |
redhat/java | <1.6.0-openjdk-1:1.6.0.0-1.65.1.11.14.el6_4 | 1.6.0-openjdk-1:1.6.0.0-1.65.1.11.14.el6_4 |
redhat/java | <1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6 | 1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6 |
redhat/java | <1.7.0-oracle-1:1.7.0.45-1jpp.1.el5_10 | 1.7.0-oracle-1:1.7.0.45-1jpp.1.el5_10 |
redhat/java | <1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el5_10 | 1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el5_10 |
redhat/java | <1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el5_10 | 1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el5_10 |
redhat/java | <1.5.0-ibm-1:1.5.0.16.4-1jpp.1.el5_10 | 1.5.0-ibm-1:1.5.0.16.4-1jpp.1.el5_10 |
redhat/java | <1.7.0-oracle-1:1.7.0.45-1jpp.2.el6_4 | 1.7.0-oracle-1:1.7.0.45-1jpp.2.el6_4 |
redhat/java | <1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el6_4 | 1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el6_4 |
redhat/java | <1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6_4 | 1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6_4 |
redhat/java | <1.5.0-ibm-1:1.5.0.16.4-1jpp.1.el6_4 | 1.5.0-ibm-1:1.5.0.16.4-1jpp.1.el6_4 |
Oracle JDK | <=1.5.0 | |
Oracle JDK | =1.5.0-update36 | |
Oracle JDK | =1.5.0-update38 | |
Oracle JDK | =1.5.0-update40 | |
Oracle JDK | =1.5.0-update41 | |
Oracle JDK | =1.5.0-update45 | |
Sun JDK | =1.5.0 | |
Sun JDK | =1.5.0-update1 | |
Sun JDK | =1.5.0-update10 | |
Sun JDK | =1.5.0-update11 | |
Sun JDK | =1.5.0-update11_b03 | |
Sun JDK | =1.5.0-update12 | |
Sun JDK | =1.5.0-update13 | |
Sun JDK | =1.5.0-update14 | |
Sun JDK | =1.5.0-update15 | |
Sun JDK | =1.5.0-update16 | |
Sun JDK | =1.5.0-update17 | |
Sun JDK | =1.5.0-update18 | |
Sun JDK | =1.5.0-update19 | |
Sun JDK | =1.5.0-update2 | |
Sun JDK | =1.5.0-update20 | |
Sun JDK | =1.5.0-update21 | |
Sun JDK | =1.5.0-update22 | |
Sun JDK | =1.5.0-update23 | |
Sun JDK | =1.5.0-update24 | |
Sun JDK | =1.5.0-update25 | |
Sun JDK | =1.5.0-update26 | |
Sun JDK | =1.5.0-update27 | |
Sun JDK | =1.5.0-update28 | |
Sun JDK | =1.5.0-update29 | |
Sun JDK | =1.5.0-update3 | |
Sun JDK | =1.5.0-update31 | |
Sun JDK | =1.5.0-update33 | |
Sun JDK | =1.5.0-update4 | |
Sun JDK | =1.5.0-update5 | |
Sun JDK | =1.5.0-update6 | |
Sun JDK | =1.5.0-update7 | |
Sun JDK | =1.5.0-update7_b03 | |
Sun JDK | =1.5.0-update8 | |
Sun JDK | =1.5.0-update9 | |
Oracle JDK | <=1.6.0 | |
Oracle JDK | =1.6.0-update22 | |
Oracle JDK | =1.6.0-update23 | |
Oracle JDK | =1.6.0-update24 | |
Oracle JDK | =1.6.0-update25 | |
Oracle JDK | =1.6.0-update26 | |
Oracle JDK | =1.6.0-update27 | |
Oracle JDK | =1.6.0-update29 | |
Oracle JDK | =1.6.0-update30 | |
Oracle JDK | =1.6.0-update31 | |
Oracle JDK | =1.6.0-update32 | |
Oracle JDK | =1.6.0-update33 | |
Oracle JDK | =1.6.0-update34 | |
Oracle JDK | =1.6.0-update35 | |
Oracle JDK | =1.6.0-update37 | |
Oracle JDK | =1.6.0-update38 | |
Oracle JDK | =1.6.0-update39 | |
Oracle JDK | =1.6.0-update41 | |
Oracle JDK | =1.6.0-update43 | |
Oracle JDK | =1.6.0-update45 | |
Oracle JDK | =1.6.0-update51 | |
Sun JDK | =1.6.0 | |
Sun JDK | =1.6.0-update_10 | |
Sun JDK | =1.6.0-update_11 | |
Sun JDK | =1.6.0-update_12 | |
Sun JDK | =1.6.0-update_13 | |
Sun JDK | =1.6.0-update_14 | |
Sun JDK | =1.6.0-update_15 | |
Sun JDK | =1.6.0-update_16 | |
Sun JDK | =1.6.0-update_17 | |
Sun JDK | =1.6.0-update_18 | |
Sun JDK | =1.6.0-update_19 | |
Sun JDK | =1.6.0-update_20 | |
Sun JDK | =1.6.0-update_21 | |
Sun JDK | =1.6.0-update_3 | |
Sun JDK | =1.6.0-update_4 | |
Sun JDK | =1.6.0-update_5 | |
Sun JDK | =1.6.0-update_6 | |
Sun JDK | =1.6.0-update_7 | |
Sun JDK | =1.6.0-update1 | |
Sun JDK | =1.6.0-update1_b06 | |
Sun JDK | =1.6.0-update2 | |
Oracle Javafx | <=2.2.40 | |
Oracle Javafx | =2.0 | |
Oracle Javafx | =2.0.2 | |
Oracle Javafx | =2.0.3 | |
Oracle Javafx | =2.1 | |
Oracle Javafx | =2.2 | |
Oracle Javafx | =2.2.3 | |
Oracle Javafx | =2.2.4 | |
Oracle Javafx | =2.2.5 | |
Oracle Javafx | =2.2.7 | |
Oracle Javafx | =2.2.21 | |
Oracle JRE | <=1.6.0 | |
Oracle JRE | =1.6.0-update22 | |
Oracle JRE | =1.6.0-update23 | |
Oracle JRE | =1.6.0-update24 | |
Oracle JRE | =1.6.0-update25 | |
Oracle JRE | =1.6.0-update26 | |
Oracle JRE | =1.6.0-update27 | |
Oracle JRE | =1.6.0-update29 | |
Oracle JRE | =1.6.0-update30 | |
Oracle JRE | =1.6.0-update31 | |
Oracle JRE | =1.6.0-update32 | |
Oracle JRE | =1.6.0-update33 | |
Oracle JRE | =1.6.0-update34 | |
Oracle JRE | =1.6.0-update35 | |
Oracle JRE | =1.6.0-update37 | |
Oracle JRE | =1.6.0-update38 | |
Oracle JRE | =1.6.0-update39 | |
Oracle JRE | =1.6.0-update41 | |
Oracle JRE | =1.6.0-update43 | |
Oracle JRE | =1.6.0-update45 | |
Oracle JRE | =1.6.0-update51 | |
Sun JRE | =1.6.0 | |
Sun JRE | =1.6.0-update_1 | |
Sun JRE | =1.6.0-update_10 | |
Sun JRE | =1.6.0-update_11 | |
Sun JRE | =1.6.0-update_12 | |
Sun JRE | =1.6.0-update_13 | |
Sun JRE | =1.6.0-update_14 | |
Sun JRE | =1.6.0-update_15 | |
Sun JRE | =1.6.0-update_16 | |
Sun JRE | =1.6.0-update_17 | |
Sun JRE | =1.6.0-update_18 | |
Sun JRE | =1.6.0-update_19 | |
Sun JRE | =1.6.0-update_2 | |
Sun JRE | =1.6.0-update_20 | |
Sun JRE | =1.6.0-update_21 | |
Sun JRE | =1.6.0-update_3 | |
Sun JRE | =1.6.0-update_4 | |
Sun JRE | =1.6.0-update_5 | |
Sun JRE | =1.6.0-update_6 | |
Sun JRE | =1.6.0-update_7 | |
Sun JRE | =1.6.0-update_9 | |
Oracle JRE | <=1.7.0 | |
Oracle JRE | =1.7.0 | |
Oracle JRE | =1.7.0-update1 | |
Oracle JRE | =1.7.0-update10 | |
Oracle JRE | =1.7.0-update11 | |
Oracle JRE | =1.7.0-update13 | |
Oracle JRE | =1.7.0-update15 | |
Oracle JRE | =1.7.0-update17 | |
Oracle JRE | =1.7.0-update2 | |
Oracle JRE | =1.7.0-update21 | |
Oracle JRE | =1.7.0-update25 | |
Oracle JRE | =1.7.0-update3 | |
Oracle JRE | =1.7.0-update4 | |
Oracle JRE | =1.7.0-update5 | |
Oracle JRE | =1.7.0-update6 | |
Oracle JRE | =1.7.0-update7 | |
Oracle JRE | =1.7.0-update9 | |
Oracle JDK | <=1.7.0 | |
Oracle JDK | =1.7.0 | |
Oracle JDK | =1.7.0-update1 | |
Oracle JDK | =1.7.0-update10 | |
Oracle JDK | =1.7.0-update11 | |
Oracle JDK | =1.7.0-update13 | |
Oracle JDK | =1.7.0-update15 | |
Oracle JDK | =1.7.0-update17 | |
Oracle JDK | =1.7.0-update2 | |
Oracle JDK | =1.7.0-update21 | |
Oracle JDK | =1.7.0-update25 | |
Oracle JDK | =1.7.0-update3 | |
Oracle JDK | =1.7.0-update4 | |
Oracle JDK | =1.7.0-update5 | |
Oracle JDK | =1.7.0-update6 | |
Oracle JDK | =1.7.0-update7 | |
Oracle JDK | =1.7.0-update9 | |
Oracle JRockit | <=r28.2.8 | |
Oracle JRockit | =r28.0.0 | |
Oracle JRockit | =r28.0.1 | |
Oracle JRockit | =r28.0.2 | |
Oracle JRockit | =r28.1.0 | |
Oracle JRockit | =r28.1.1 | |
Oracle JRockit | =r28.1.3 | |
Oracle JRockit | =r28.1.4 | |
Oracle JRockit | =r28.1.5 | |
Oracle JRockit | =r28.2.2 | |
Oracle JRockit | =r28.2.3 | |
Oracle JRockit | =r28.2.4 | |
Oracle JRockit | =r28.2.5 | |
Oracle JRockit | =r28.2.6 | |
Oracle JRE | <=1.5.0 | |
Oracle JRE | =1.5.0-update36 | |
Oracle JRE | =1.5.0-update38 | |
Oracle JRE | =1.5.0-update40 | |
Oracle JRE | =1.5.0-update41 | |
Oracle JRE | =1.5.0-update45 | |
Sun JRE | =1.5.0 | |
Sun JRE | =1.5.0-update1 | |
Sun JRE | =1.5.0-update10 | |
Sun JRE | =1.5.0-update11 | |
Sun JRE | =1.5.0-update12 | |
Sun JRE | =1.5.0-update13 | |
Sun JRE | =1.5.0-update14 | |
Sun JRE | =1.5.0-update15 | |
Sun JRE | =1.5.0-update16 | |
Sun JRE | =1.5.0-update17 | |
Sun JRE | =1.5.0-update18 | |
Sun JRE | =1.5.0-update19 | |
Sun JRE | =1.5.0-update2 | |
Sun JRE | =1.5.0-update20 | |
Sun JRE | =1.5.0-update21 | |
Sun JRE | =1.5.0-update22 | |
Sun JRE | =1.5.0-update23 | |
Sun JRE | =1.5.0-update24 | |
Sun JRE | =1.5.0-update25 | |
Sun JRE | =1.5.0-update26 | |
Sun JRE | =1.5.0-update27 | |
Sun JRE | =1.5.0-update28 | |
Sun JRE | =1.5.0-update29 | |
Sun JRE | =1.5.0-update3 | |
Sun JRE | =1.5.0-update31 | |
Sun JRE | =1.5.0-update33 | |
Sun JRE | =1.5.0-update4 | |
Sun JRE | =1.5.0-update5 | |
Sun JRE | =1.5.0-update6 | |
Sun JRE | =1.5.0-update7 | |
Sun JRE | =1.5.0-update8 | |
Sun JRE | =1.5.0-update9 | |
Oracle JRockit | <=r27.7.6 | |
Oracle JRockit | =r27.7.1 | |
Oracle JRockit | =r27.7.2 | |
Oracle JRockit | =r27.7.3 | |
Oracle JRockit | =r27.7.4 | |
Oracle JRockit | =r27.7.5 | |
(Appears in the following advisories)