Description
Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" error, which inserts the text in the resulting error message.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by SPI Labs · textremotewindows
https://www.exploit-db.com/exploits/22665
References (9)
Core 9
Core References
Various Sources x_refsource_misc
http://www.spidynamics.com/sunone_alert.html
Patch, Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201009-1
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/12095.php
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57605
Patch, Vendor Advisory third-party-advisory
government-resource
x_refsource_ciac
http://www.ciac.org/ciac/bulletins/n-103.shtml
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105409846029475&w=2
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/7710
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1
Scores
EPSS
0.0195
EPSS Percentile
83.6%
Details
Status
published
Products (1)
sun/one_application_server
7.0
Published
Jun 30, 2003
Tracked Since
Feb 18, 2026