kjkoster
02-12-2008, 11:02
Dear All,
An XSS vulnerability may have been found in configuration/httpListenerEdit.jsf (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5266) in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs.
This vulnerability was first reported by Eduardo Neves a.k.a _eth0_ (http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application/) (in a bizarre mix of code, English and Portuguese).
There are no patches yet, and the advisory is currently under review. It may or may not become an actual advisory.
Kees Jan