Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for woodstock by sun

    CVE-2009-1554 (GCVE-0-2009-1554)

    Vulnerability from nvd – Published: 2009-05-06 16:00 – Updated: 2024-08-07 05:20
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.nabble.com/-DSECRG--Sun-Glassfish-Mult… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/34829 vdb-entryx_refsource_BID
    http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/archive/1/503239/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/35006 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/54220 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://woodstock.dev.java.net/servlets/ReadMsg?l… mailing-listx_refsource_MLIST
    http://dsecrg.com/pages/vul/show.php?id=138 x_refsource_MISC
    Date Public
    2009-05-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:20:33.454Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html"
              },
              {
                "name": "34829",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34829"
              },
              {
                "name": "[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html"
              },
              {
                "name": "20090505 [DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/503239/100/0/threaded"
              },
              {
                "name": "35006",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35006"
              },
              {
                "name": "54220",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/54220"
              },
              {
                "name": "woodstock-404page-xss(50336)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50336"
              },
              {
                "name": "[cvs] 20090321 CVS update: /woodstock/webui/src/runtime/com/sun/webui/theme/ThemeServlet.java",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://woodstock.dev.java.net/servlets/ReadMsg?list=cvs\u0026msgNo=4041"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://dsecrg.com/pages/vul/show.php?id=138"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-05-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html"
            },
            {
              "name": "34829",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34829"
            },
            {
              "name": "[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html"
            },
            {
              "name": "20090505 [DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/503239/100/0/threaded"
            },
            {
              "name": "35006",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35006"
            },
            {
              "name": "54220",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/54220"
            },
            {
              "name": "woodstock-404page-xss(50336)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50336"
            },
            {
              "name": "[cvs] 20090321 CVS update: /woodstock/webui/src/runtime/com/sun/webui/theme/ThemeServlet.java",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://woodstock.dev.java.net/servlets/ReadMsg?list=cvs\u0026msgNo=4041"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://dsecrg.com/pages/vul/show.php?id=138"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1554",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities",
                  "refsource": "MLIST",
                  "url": "http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html"
                },
                {
                  "name": "34829",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34829"
                },
                {
                  "name": "[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities",
                  "refsource": "MLIST",
                  "url": "http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html"
                },
                {
                  "name": "20090505 [DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/503239/100/0/threaded"
                },
                {
                  "name": "35006",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35006"
                },
                {
                  "name": "54220",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/54220"
                },
                {
                  "name": "woodstock-404page-xss(50336)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50336"
                },
                {
                  "name": "[cvs] 20090321 CVS update: /woodstock/webui/src/runtime/com/sun/webui/theme/ThemeServlet.java",
                  "refsource": "MLIST",
                  "url": "https://woodstock.dev.java.net/servlets/ReadMsg?list=cvs\u0026msgNo=4041"
                },
                {
                  "name": "http://dsecrg.com/pages/vul/show.php?id=138",
                  "refsource": "MISC",
                  "url": "http://dsecrg.com/pages/vul/show.php?id=138"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1554",
        "datePublished": "2009-05-06T16:00:00.000Z",
        "dateReserved": "2009-05-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:20:33.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1554 (GCVE-0-2009-1554)

    Vulnerability from cvelistv5 – Published: 2009-05-06 16:00 – Updated: 2024-08-07 05:20
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.nabble.com/-DSECRG--Sun-Glassfish-Mult… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/34829 vdb-entryx_refsource_BID
    http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/archive/1/503239/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/35006 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/54220 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://woodstock.dev.java.net/servlets/ReadMsg?l… mailing-listx_refsource_MLIST
    http://dsecrg.com/pages/vul/show.php?id=138 x_refsource_MISC
    Date Public
    2009-05-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:20:33.454Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html"
              },
              {
                "name": "34829",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34829"
              },
              {
                "name": "[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html"
              },
              {
                "name": "20090505 [DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/503239/100/0/threaded"
              },
              {
                "name": "35006",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35006"
              },
              {
                "name": "54220",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/54220"
              },
              {
                "name": "woodstock-404page-xss(50336)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50336"
              },
              {
                "name": "[cvs] 20090321 CVS update: /woodstock/webui/src/runtime/com/sun/webui/theme/ThemeServlet.java",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://woodstock.dev.java.net/servlets/ReadMsg?list=cvs\u0026msgNo=4041"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://dsecrg.com/pages/vul/show.php?id=138"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-05-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html"
            },
            {
              "name": "34829",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34829"
            },
            {
              "name": "[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html"
            },
            {
              "name": "20090505 [DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/503239/100/0/threaded"
            },
            {
              "name": "35006",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35006"
            },
            {
              "name": "54220",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/54220"
            },
            {
              "name": "woodstock-404page-xss(50336)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50336"
            },
            {
              "name": "[cvs] 20090321 CVS update: /woodstock/webui/src/runtime/com/sun/webui/theme/ThemeServlet.java",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://woodstock.dev.java.net/servlets/ReadMsg?list=cvs\u0026msgNo=4041"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://dsecrg.com/pages/vul/show.php?id=138"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1554",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities",
                  "refsource": "MLIST",
                  "url": "http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html"
                },
                {
                  "name": "34829",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34829"
                },
                {
                  "name": "[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities",
                  "refsource": "MLIST",
                  "url": "http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html"
                },
                {
                  "name": "20090505 [DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/503239/100/0/threaded"
                },
                {
                  "name": "35006",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35006"
                },
                {
                  "name": "54220",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/54220"
                },
                {
                  "name": "woodstock-404page-xss(50336)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50336"
                },
                {
                  "name": "[cvs] 20090321 CVS update: /woodstock/webui/src/runtime/com/sun/webui/theme/ThemeServlet.java",
                  "refsource": "MLIST",
                  "url": "https://woodstock.dev.java.net/servlets/ReadMsg?list=cvs\u0026msgNo=4041"
                },
                {
                  "name": "http://dsecrg.com/pages/vul/show.php?id=138",
                  "refsource": "MISC",
                  "url": "http://dsecrg.com/pages/vul/show.php?id=138"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1554",
        "datePublished": "2009-05-06T16:00:00.000Z",
        "dateReserved": "2009-05-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:20:33.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }