Vigil@nce: Sun Java System Web Server, Cross Site Scripting of the Reverse Proxy
June 2009 by Vigil@nce
An attacker can trigger a Cross Site Scripting in the Reverse
Proxy plug-in of Sun Java System Web Server.
Severity: 2/4
Consequences: client access/rights
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 04/06/2009
IMPACTED PRODUCTS
– Sun Java System Web Server
DESCRIPTION OF THE VULNERABILITY
The Reverse Proxy plug-in (libpassthrough) of Sun Java System Web
Server is used as a front end to filter access to the web server.
Sun announced a Cross Site Scripting vulnerability in the Reverse
Proxy plug-in.
Technical details are unknown.
An attacker can therefore execute JavaScript code in the context
of the web site.
CHARACTERISTICS
Identifiers: 259588, 6754095, BID-35204, CVE-2009-1934,
VIGILANCE-VUL-8764