Sun JavaDoc Tool 跨站脚本攻击漏洞

漏洞信息详情

Sun JavaDoc Tool 跨站脚本攻击漏洞

• CNNVD编号：CNNVD-200706-545
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2007-3503
  
• 漏洞类型：
  
  
  跨站脚本
  
• 发布时间：
  
  2007-06-29
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2007-07-02
  
• 厂        商：
  
  sun
• 漏洞来源：
  The vendor disclos…

Sun JDK 6和JDK 5.0 Update 11中的Javadoc工具会生成包含跨站脚本攻击漏洞的HTML documentation页面，远程攻击者可以借助未明向量，注入任意的web脚本或HTML。

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：ftp://ftp.slackware.com/pub/slackware/slackware-12.0/extra/jdk-6/jdk-6u2-i586-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/jre-6u2-i586-1.tgz

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125139-01-1

ftp://anonymous:dev2dev%40bea.com@ftpna.bea.com/pub/releases/security/jrockit-jdk1.5.0_11-linux_ia32.tar.gz

ftp://anonymous:dev2dev%40bea.com@ftpna.bea.com/pub/releases/security/jrockit-jdk1.5.0_11-linux_ia64.tar.gz

ftp://anonymous:dev2dev%40bea.com@ftpna.bea.com/pub/releases/security/jrockit-jdk1.5.0_11-linux_x86_64.tar.gz

ftp://anonymous:dev2dev%40bea.com@ftpna.bea.com/pub/releases/security/jrockit-jdk1.5.0_11-solaris_sparcv9.tar.gz

ftp://anonymous:dev2dev%40bea.com@ftpna.bea.com/pub/releases/security/jrockit-jdk1.6.0_01-linux_ia32.tar.gz

ftp://anonymous:dev2dev%40bea.com@ftpna.bea.com/pub/releases/security/jrockit-jdk1.6.0_01-linux_x86_64.tar.gz

http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16540&cat=1&platform=osx&method=sa/JavaForMacOSX10.4Release6.dmg

来源: SUNALERT

名称: 102958

链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1

来源: XF

名称: sun-jdk-javadoc-xss(35168)

链接:http://xforce.iss.net/xforce/xfdb/35168

来源: SECTRACK

名称: 1018327

链接:http://www.securitytracker.com/id?1018327

来源: BID

名称: 24690

链接:http://www.securityfocus.com/bid/24690

来源: REDHAT

名称: RHSA-2007:0956

链接:http://www.redhat.com/support/errata/RHSA-2007-0956.html

来源: REDHAT

名称: RHSA-2007:0829

链接:http://www.redhat.com/support/errata/RHSA-2007-0829.html

来源: REDHAT

名称: RHSA-2007:0818

链接:http://www.redhat.com/support/errata/RHSA-2007-0818.html

来源: GENTOO

名称: GLSA-200709-15

链接:http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml

来源: VUPEN

名称: ADV-2007-4224

链接:http://www.frsirt.com/english/advisories/2007/4224

来源: VUPEN

名称: ADV-2007-3009

链接:http://www.frsirt.com/english/advisories/2007/3009

来源: VUPEN

名称: ADV-2007-2383

链接:http://www.frsirt.com/english/advisories/2007/2383

来源: SECUNIA

名称: 28115

链接:http://secunia.com/advisories/28115

来源: SECUNIA

名称: 27203

链接:http://secunia.com/advisories/27203

来源: SECUNIA

名称: 26933

链接:http://secunia.com/advisories/26933

来源: SECUNIA

名称: 26645

链接:http://secunia.com/advisories/26645

来源: SECUNIA

名称: 26631

链接:http://secunia.com/advisories/26631

来源: SECUNIA

名称: 26369

链接:http://secunia.com/advisories/26369

来源: SECUNIA

名称: 26314

链接:http://secunia.com/advisories/26314

来源: SECUNIA

名称: 25769

链接:http://secunia.com/advisories/25769

来源: APPLE

名称: APPLE-SA-2007-12-14

链接:http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

来源: MISC

链接:http://docs.info.apple.com/article.html?artnum=307177

来源: BEA

名称: BEA07-177.00

链接:http://dev2dev.bea.com/pub/advisory/248