Sun Java System Portal Server Portlets跨站脚本漏洞

BUGTRAQ ID: 30738 CNCAN ID：CNCAN-2008081909 Sun Java System Portal Server是一款与J2EE平台兼容的应用服务器。 Sun Java System Portal Server绑定的部分Portlets存在跨站脚本问题，远程攻击者可以利用漏洞在用户WEB浏览器上执行任意脚本代码。 目前没有详细漏洞细节提供。 Sun Java System Portal Server 7.1 Sun Java System Portal Server 7.0 Sun Java System Portal Server 7 可参考如下补丁： Sun Java System Portal Server 7.1 Sun 124301-10 for SPARC <a href=http://sunsolve.sun.com/search/document.do?assetkey=1-21-124301-10-1 target=_blank>http://sunsolve.sun.com/search/document.do?assetkey=1-21-124301-10-1</a> Sun 124302-10 for x86 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -124302-10-1 Sun 124303-11 for linux <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -124303-11-1 Sun Java System Portal Server 7.0 Sun 121913-19 for SPARC <a href=http://sunsolve.sun.com/search/document.do?assetkey=1-21-121913-19-1 target=_blank>http://sunsolve.sun.com/search/document.do?assetkey=1-21-121913-19-1</a> Sun 121914-19 for x86 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -121914-19-1 Sun 121915-19 for linux <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -121915-19-1