QwikSec

Security Database

CVE

CWE

Training

CVE-2009-1554

Published: May 6, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities

mailing-list

x_refsource_MLIST

20090505 [DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_OSVDB

woodstock-404page-xss(50336)

vdb-entry

x_refsource_XF

[cvs] 20090321 CVS update: /woodstock/webui/src/runtime/com/sun/webui/theme/ThemeServlet.java

mailing-list

x_refsource_MLIST

http://dsecrg.com/pages/vul/show.php?id=138

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.