CVE-2008-2518

Published Jun 3, 2008

Last updated 7 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C878B2FD-88A1-44E2-9234-C40CA1DDC5BC"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BABE9BB1-E968-4EC9-A13A-6ECBCDC0D9AC"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6606659-59FE-4E17-9643-2267223DE6F8"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BC77D08-B591-4824-AC47-F14F4F53C63D"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F79805E6-ED7E-4BD1-9A2F-2D3B23B05981"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFAA741F-6B77-44E5-8B84-AB5E49901BD1"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F44ABA9C-D281-4C9D-A313-013F82E5BFB8"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:update_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60712BCA-1AE2-4F19-B8EF-462A1F0BDED3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References