CVE-2007-3503

HTML files generated with Javadoc are vulnerable to a XSS

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

La herramienta Javadoc en Sun JDK 6 y JDK 5.0 Update 11 puede generar páginas de documentación HTML que contienen vulnerabilidades de secuencias de comandos en sitios cruzados (XSS), las cuales permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-06-29 CVE Reserved
2007-06-30 CVE Published
2024-08-07 CVE Updated
2024-10-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (26)

URL	Tag	Source
http://docs.info.apple.com/article.html?artnum=307177	Third Party Advisory
http://osvdb.org/36488	Broken Link
http://secunia.com/advisories/25769	Third Party Advisory
http://secunia.com/advisories/26314	Third Party Advisory
http://secunia.com/advisories/26369	Third Party Advisory
http://secunia.com/advisories/26631	Third Party Advisory
http://secunia.com/advisories/26645	Third Party Advisory
http://secunia.com/advisories/26933	Third Party Advisory
http://secunia.com/advisories/27203	Third Party Advisory
http://secunia.com/advisories/28115	Third Party Advisory
http://www.securityfocus.com/bid/24690	Third Party Advisory
http://www.securitytracker.com/id?1018327	Third Party Advisory
http://www.vupen.com/english/advisories/2007/2383	Third Party Advisory
http://www.vupen.com/english/advisories/2007/3009	Third Party Advisory
http://www.vupen.com/english/advisories/2007/4224	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35168	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10704	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://dev2dev.bea.com/pub/advisory/248	2018-10-26
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html	2018-10-26
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1	2018-10-26
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml	2018-10-26
http://www.redhat.com/support/errata/RHSA-2007-0818.html	2018-10-26
http://www.redhat.com/support/errata/RHSA-2007-0829.html	2018-10-26
http://www.redhat.com/support/errata/RHSA-2007-0956.html	2018-10-26
https://access.redhat.com/security/cve/CVE-2007-3503	2007-10-16
https://bugzilla.redhat.com/show_bug.cgi?id=246765	2007-10-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.5.0 Search vendor "Oracle" for product "Jdk" and version "1.5.0"		update11		Affected
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.6.0 Search vendor "Oracle" for product "Jdk" and version "1.6.0"		-		Affected