OSVDB ID: 64844

Title: Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS

Info

Dates

Disclosure: May 21, 2010
Discovery: Jan 30, 2010
Exploit: Unknown
Solution: Unknown

Description

Apache Axis2/Java contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'modules' parameter upon submission to the 'axis2/axis2-admin/engagingglobally' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

It has been reported that this issue has been fixed. Upgrade to version 1.5.2 or higher to address this vulnerability.

Products

Vendor: The Apache Software Foundation
Product: Apache Axis2
Version: 1.5.1

Vendor: Juniper Networks, Inc.
Product: Network and Security Manager
Versions: 2012.2R1, 2012.1R5, 2011.4S8, 2010.3S11

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/64844