CVE-2003-0413

Sun ONE Application Server 7.0 and Java System Web Server 6.1 - Cross-Site Scripting via Invalid JSP File Error

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0413. PoCs published by SPI Labs.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Sun ONE Application Server by injecting a malicious script into a URL parameter. The script executes in the context of the user's browser when visiting the crafted link.

Description

Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" error, which inserts the text in the resulting error message.

Exploits (1)

exploitdb WORKING POC VERIFIED
by SPI Labs · textremotewindows
https://www.exploit-db.com/exploits/22665

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Sun ONE Application Server by injecting a malicious script into a URL parameter. The script executes in the context of the user's browser when visiting the crafted link.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Sun ONE Application Server 6.1, 6.1 Service Pack 1, and 7.0
No auth needed
Prerequisites: Vulnerable Sun ONE Application Server with the 'webapps-simple' sample application enabled
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Various Sources x_refsource_misc
http://www.spidynamics.com/sunone_alert.html
Patch, Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201009-1
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/12095.php
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57605
Patch, Vendor Advisory third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/n-103.shtml
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105409846029475&w=2
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/7710
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1

Scores

EPSS 0.0674
EPSS Percentile 93.1%

Details

Status published
Products (1)
sun/one_application_server 7.0
Published Jun 30, 2003
Tracked Since Feb 18, 2026