Vulnerabilities > CVE-2007-2904 - Cross-Site Scripting vulnerability in Java System Messaging Server
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS9_120228.NASL description Messaging Server 6.3-16.01: core patch. Date this patch was last updated by Sun : Nov/30/11 last seen 2020-06-01 modified 2020-06-02 plugin id 25398 published 2007-06-04 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25398 title Solaris 9 (sparc) : 120228-45 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(25398); script_version("1.20"); script_cvs_date("Date: 2019/10/25 13:36:27"); script_cve_id("CVE-2007-2904", "CVE-2011-0411"); script_name(english:"Solaris 9 (sparc) : 120228-45"); script_summary(english:"Check for patch 120228-45"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 120228-45" ); script_set_attribute( attribute:"description", value: "Messaging Server 6.3-16.01: core patch. Date this patch was last updated by Sun : Nov/30/11" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/120228-45" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2011/11/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"120228-45", obsoleted_by:"", package:"SUNWmsgco", version:"6.0,REV=2003.10.29") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"120228-45", obsoleted_by:"", package:"SUNWmsgmp", version:"6.0,REV=2003.10.29") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"120228-45", obsoleted_by:"", package:"SUNWmsglb", version:"6.0,REV=2003.10.29") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"120228-45", obsoleted_by:"", package:"SUNWmsgwm", version:"6.0,REV=2003.10.29") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"120228-45", obsoleted_by:"", package:"SUNWmsgmt", version:"6.0,REV=2003.10.29") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"120228-45", obsoleted_by:"", package:"SUNWmsgin", version:"6.0,REV=2003.10.29") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"120228-45", obsoleted_by:"", package:"SUNWmsgen", version:"6.0,REV=2003.10.29") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"120228-45", obsoleted_by:"", package:"SUNWmsgst", version:"6.0,REV=2003.10.29") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"120228-45", obsoleted_by:"", package:"SUNWmsgmf", version:"6.0,REV=2003.10.29") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report()); else security_warning(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS10_120228.NASL description Messaging Server 6.3-16.01: core patch. Date this patch was last updated by Sun : Nov/30/11 This plugin has been deprecated and either replaced with individual 120228 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 25386 published 2007-06-04 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25386 title Solaris 10 (sparc) : 120228-45 (deprecated) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(25386); script_version("1.23"); script_cvs_date("Date: 2019/10/25 13:36:27"); script_cve_id("CVE-2007-2904", "CVE-2011-0411"); script_name(english:"Solaris 10 (sparc) : 120228-45 (deprecated)"); script_summary(english:"Check for patch 120228-45"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "Messaging Server 6.3-16.01: core patch. Date this patch was last updated by Sun : Nov/30/11 This plugin has been deprecated and either replaced with individual 120228 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/120228-45" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2011/11/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 120228 instead.");