Signature Detail
Short Name |
HTTP:XSS:SUN-JAVA-CALENDAR |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Sun Java System Calendar Server Cross Site Scripting |
Release Date |
2014/11/26 |
Update Number |
2445 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Sun Java System Calendar Server Cross Site Scripting
This signature detects attempts to exploit a known cross site scripting vulnerability in Sun Java System. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.
Affected Products
- sun java_system_calendar_server 6 (-)
- sun java_system_calendar_server 6.3 (-)
- sun java_system_calendar_server 6.3 (-:linux)
- sun java_system_calendar_server 6.3 (-:sparc)
- sun java_system_calendar_server 6.3 (-:x86)
- sun java_system_calendar_server 6 (-:linux)
- sun java_system_calendar_server 6 (-:sparc)
- sun java_system_calendar_server 6 (-:x86)
- sun one_calendar_server 6.0 (-)
- sun one_calendar_server 6.0 (-:linux)
- sun one_calendar_server 6.0 (-:sparc)
- sun one_calendar_server 6.0 (-:x86)
References
- BugTraq: 34152
- BugTraq: 34153
- CVE: CVE-2009-1218