CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-1554

Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.031

EPSS Ranking 86.3%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2009-1554

Oracle » Glassfish Server » Version: 1.0

cpe:2.3:a:oracle:glassfish_server:1.0
Oracle » Glassfish Server » Version: 2.0

cpe:2.3:a:oracle:glassfish_server:2.0
Oracle » Glassfish Server » Version: 2.1

cpe:2.3:a:oracle:glassfish_server:2.1
Oracle » Glassfish Server » Version: 2.1.1

cpe:2.3:a:oracle:glassfish_server:2.1.1
Oracle » Glassfish Server » Version: 3.0

cpe:2.3:a:oracle:glassfish_server:3.0
Oracle » Glassfish Server » Version: 3.0.1

cpe:2.3:a:oracle:glassfish_server:3.0.1
Sun » Woodstock » Version: 4.2

cpe:2.3:a:sun:woodstock:4.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-1554

Products

Pricing

Contact Us