CVE-2009-1554

NONECVSS 0.0

0.0

Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF.

🔗 References (18)

cve@mitrehttp://dsecrg.com/pages/vul/show.php?id=138
cve@mitrehttp://osvdb.org/54220
cve@mitrehttp://secunia.com/advisories/35006
cve@mitrehttp://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html
cve@mitrehttp://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html
cve@mitrehttp://www.securityfocus.com/archive/1/503239/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/34829
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/50336
cve@mitrehttps://woodstock.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=4041
af854a3a-2127-422b-91ae-364da2661108http://dsecrg.com/pages/vul/show.php?id=138
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/54220
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35006
af854a3a-2127-422b-91ae-364da2661108http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html
af854a3a-2127-422b-91ae-364da2661108http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/503239/100/0/threaded

Is Your Infrastructure Affected by CVE-2009-1554?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-1554

📅 Published

🔄 Last Modified

🔗 References (18)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-1554?