CVE-2008-2166

Published May 13, 2008

Last updated 7 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:aix:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8E7D327-AB45-4DDC-A6B5-4A413B76440F"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:hp_ux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5318A317-0981-4A5D-9468-50E08219312B"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A695E901-4FFF-4660-B49E-D7CB139536D3"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24754087-DC84-4B0B-BBDE-70D288AFC901"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCFD3C8D-6E79-4DA6-A600-D952C8E5A151"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16E496C0-438E-4262-A54B-3CB69C4A88C5"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:hp_ux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "134929FE-2EBA-4B55-904F-111A658160F3"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AB42DB5-10BA-454E-A9F5-A0581BD21FA5"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53671389-3822-41CD-ABC9-DC19871579AB"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F69C48CB-A038-431D-ABE4-A216E5283266"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EEB898B-0036-4B7B-B15A-595487D09D72"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References