Overview
Web Servers that use the Allaire JRun Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or script(JavaScript, VBScript, Java, etc.) in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a problem when a web server does not adequately ensure that generated pages are properly encoded to prevent unintended execution of scripts, and when input is not validated to prevent malicious HTML from being presented to the user.
Description
It is possible to use a "cross-site" scripting technique to inject malicious script (JavaScript, VBScript, etc.) or HTML into a web page. Several server applications are vulnerable to such an technique via various default error pages. |
Impact
The victim will be presented with information which the compromised site did not wish their visitors to be subjected. This could be used to "sniff" sensitive data from within the web page, including passwords, credit card numbers, and any arbitrary information the user inputs. |
Solution
Install the proper JRun patch:
|
A web master may change the default error page to not include the file name passed in by any user. The client may disable JavaScript (or VBScript or other scripting languages), but it doesn't address the problem of simply inserting malicious HTML, and it can cause undesired functionality. |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
- http://www.securityfocus.com/bid/2983
- http://securitytracker.com/alerts/2001/Jun/1001771.html
- http://www.allaire.com/handlers/index.cfm?ID=21498&Method=Full
- http://www.cert.org/advisories/CA-2000-02.html
- http://www.microsoft.com/TechNet/security/crssite.asp
- http://www.apache.org/info/css-security/
- http://www.microsoft.com/technet/security/bulletin/ms00-060.asp
Acknowledgements
Our thanks to Hiromitsu Takagi, who discovered this instance of the cross-site scripting vulnerability.
This document was originally written by Shawn Hernan in July 2000. It has been adapted for this instance by Jason Rafail.
Other Information
CVE IDs: | None |
Severity Metric: | 59.06 |
Date Public: | 2001-07-02 |
Date First Published: | 2001-07-27 |
Date Last Updated: | 2001-07-30 18:58 UTC |
Document Revision: | 14 |