Summary
This host is running Oracle iPlanet Web Server and is prone to multiple cross site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Please refer below link for updates,
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixSUNS
Insight
- Input passed via the 'helpLogoWidth' and 'helpLogoHeight' parameters to admingui/cchelp2/Masthead.jsp (when 'mastheadTitle' is set) and the 'productNameSrc', 'productNameHeight', and 'productNameWidth' parameters to admingui/version/Masthead.jsp is not properly sanitised before being returned to the user.
- Input passed via the 'appName' and 'pathPrefix' parameters to admingui/ cchelp2/Navigator.jsp is not properly sanitised before being returned to the user.
Affected
Oracle iPlanet WebServer 7.0
References
Severity
Classification
-
CVE CVE-2012-0516 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011
- Apache Tomcat HTTP NIO Denial Of Service Vulnerability (Windows)
- IBM WebSphere Application Server Multiple Vulnerabilities
- Check for IIS .cnf file leakage
- IBM WebSphere Application Server Admin Console Cross-site Scripting Vulnerability