Intrusion Prevention

Sun.Java.Communications.Express.HTML.Injection

Description

This indicates an attack attempt against multiple HTML injection vulnerabilities in Sun Java System Communications Express.
The vulnerability is caused by the software's failure to sufficiently sanitize user supplied data. It allows a remote attacker to run attacker-supplied HTML or JavaScript code in the context of the affected site.

Affected Products

Sun Java System Communications Express 6.3 and prior versions.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to a newer version.

CVE References

CVE-2009-0877