4.3

CVE-2007-3503

The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleJdk Version1.5.0 Updateupdate11
OracleJdk Version1.6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.05% 0.859
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://docs.info.apple.com/article.html?artnum=307177
Third Party Advisory
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/28115
Third Party Advisory
http://www.vupen.com/english/advisories/2007/4224
Third Party Advisory
http://secunia.com/advisories/26645
Third Party Advisory
http://secunia.com/advisories/27203
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0956.html
Third Party Advisory
http://secunia.com/advisories/26369
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0829.html
Third Party Advisory
http://dev2dev.bea.com/pub/advisory/248
Third Party Advisory
http://secunia.com/advisories/26631
Third Party Advisory
http://secunia.com/advisories/26933
Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml
Third Party Advisory
http://www.vupen.com/english/advisories/2007/3009
Third Party Advisory
http://osvdb.org/36488
Broken Link
http://secunia.com/advisories/25769
Third Party Advisory
http://secunia.com/advisories/26314
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1
Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0818.html
Third Party Advisory
http://www.securityfocus.com/bid/24690
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1018327
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2007/2383
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35168
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10704
Third Party Advisory