Sun JDK JavaDoc Cross-Site Scripting Vulnerability - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

Sun JDK JavaDoc Cross-Site Scripting Vulnerability

Secunia Advisory:	SA25769
Release Date:	2007-06-29
Last Update:	2007-07-04

Critical:	Less critical
Impact:	Cross Site Scripting
Where:	From remote
Solution Status:	Vendor Patch

Software:	Sun Java JDK 1.5.x Sun Java JDK 1.6.x

CVE reference:	CVE-2007-3503 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Description: A vulnerability has been reported in Sun JavaDoc, which can be exploited by malicious people to conduct cross-site scripting attacks. The vulnerability is caused due to an error when generating HTML documentation pages and can potentially be exploited to conduct cross-site scripting attacks on a website that hosts the generated documentation. The vulnerability affects JDK 6 and JDK 5.0 Update 11 and earlier for Solaris, Linux, and Windows. Solution: Apply updates and regenerate any "index.html" page that was generated with an affected version. JDK 6: Update to JDK 6 Update 1 or later. http://java.sun.com/javase/downloads/index.jsp JDK 5.0: Update to JDK 5.0 Update 12 or later. http://java.sun.com/javase/downloads/index_jdk5.jsp Provided and/or discovered by: The vendor credits Martin Straka. Changelog: 2007-07-04: Added CVE reference. Original Advisory: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

27 Related Secunia Security Advisories, displaying 10

1. Sun Java JDK / JRE Multiple Vulnerabilities

2. Sun Java JDK / JRE Multiple Vulnerabilities

3. Sun JRE Applet Handling Two Vulnerabilities

4. Sun Java Runtime Environment External XML Entities Security Bypass

5. Sun JRE Applet Handling Vulnerability

6. Sun Java JRE Multiple Vulnerabilities

7. Sun JRE Font Parsing Vulnerability

8. Sun Java JRE/JDK Processing of XSLT Stylesheets in XML Signatures Vulnerability

9. Java JRE/JDK JSSE DoS and Untrusted Applets Network Security Bypass

10. Sun Java Web Start JNLP File Processing Buffer Overflow

Show all related advisories

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Novell eDirectory Multiple Vulnerabilities

2.	dotProject SQL Injection and Cross-Site Scripting

3.	phpBB BBcode Script Insertion Vulnerability

4.	Blogn Cross-Site Scripting and Cross-Site Request Forgery

5.	HP TCP/IP Services for OpenVMS Finger Format String Vulnerability

6.	geo-* Insecure Temporary Files

7.	Adium MSN SLP Message Integer Overflow Vulnerabilities

8.	Acoustica Mixcraft ".mx4" File Processing Buffer Overflow

9.	GpsDrive "geo-code" Insecure Temporary Files

10.	phpJobScheduler "installed_conf ig_file" File Inclusion Vulnerabilities