All the vulnerabilities related to sun - java_system_application_server
cve-2007-4025
Vulnerability from cvelistv5
Published
2007-07-26 19:00
Modified
2024-08-07 14:37
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/25058 | vdb-entry, x_refsource_BID | |
http://osvdb.org/37250 | vdb-entry, x_refsource_OSVDB | |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103000-1 | vendor-advisory, x_refsource_SUNALERT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/35579 | vdb-entry, x_refsource_XF | |
http://www.securitytracker.com/id?1018452 | vdb-entry, x_refsource_SECTRACK | |
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201537-1 | vendor-advisory, x_refsource_SUNALERT | |
http://secunia.com/advisories/26187 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2007/2647 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:37:06.028Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25058", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25058" }, { "name": "37250", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37250" }, { "name": "103000", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103000-1" }, { "name": "sunjava-windows-source-disclosure(35579)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35579" }, { "name": "1018452", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018452" }, { "name": "201537", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201537-1" }, { "name": "26187", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26187" }, { "name": "ADV-2007-2647", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2647" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25058", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25058" }, { "name": "37250", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37250" }, { "name": "103000", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103000-1" }, { "name": "sunjava-windows-source-disclosure(35579)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35579" }, { "name": "1018452", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018452" }, { "name": "201537", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201537-1" }, { "name": "26187", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26187" }, { "name": "ADV-2007-2647", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2647" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4025", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25058", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25058" }, { "name": "37250", "refsource": "OSVDB", "url": "http://osvdb.org/37250" }, { "name": "103000", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103000-1" }, { "name": "sunjava-windows-source-disclosure(35579)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35579" }, { "name": "1018452", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018452" }, { "name": "201537", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201537-1" }, { "name": "26187", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26187" }, { "name": "ADV-2007-2647", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2647" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4025", "datePublished": "2007-07-26T19:00:00", "dateReserved": "2007-07-26T00:00:00", "dateUpdated": "2024-08-07T14:37:06.028Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4511
Vulnerability from cvelistv5
Published
2007-08-23 19:00
Modified
2024-08-07 15:01
Severity ?
EPSS score ?
Summary
The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy.
References
URL | Tags | |
---|---|---|
http://osvdb.org/45828 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/25400 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36169 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/477315/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:01:09.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "45828", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/45828" }, { "name": "25400", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25400" }, { "name": "sun-applicationserver-ssl-weak-security(36169)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36169" }, { "name": "20070822 Encryption Weakness in Sun Sun AS 9.0_0.1 (build b02-p01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/477315/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "45828", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/45828" }, { "name": "25400", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25400" }, { "name": "sun-applicationserver-ssl-weak-security(36169)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36169" }, { "name": "20070822 Encryption Weakness in Sun Sun AS 9.0_0.1 (build b02-p01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/477315/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4511", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "45828", "refsource": "OSVDB", "url": "http://osvdb.org/45828" }, { "name": "25400", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25400" }, { "name": "sun-applicationserver-ssl-weak-security(36169)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36169" }, { "name": "20070822 Encryption Weakness in Sun Sun AS 9.0_0.1 (build b02-p01)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/477315/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4511", "datePublished": "2007-08-23T19:00:00", "dateReserved": "2007-08-23T00:00:00", "dateUpdated": "2024-08-07T15:01:09.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5266
Vulnerability from cvelistv5
Published
2008-11-28 18:26
Modified
2024-08-07 10:49
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751.
References
URL | Tags | |
---|---|---|
http://securityreason.com/securityalert/4659 | third-party-advisory, x_refsource_SREASON | |
http://www.securityfocus.com/archive/1/493243/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application/ | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/47029 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/30604 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/29646 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.065Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "4659", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4659" }, { "name": "20080610 XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/493243/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application/" }, { "name": "glassfish-httplisteneredit-xss(47029)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47029" }, { "name": "30604", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30604" }, { "name": "29646", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29646" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-06-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "4659", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4659" }, { "name": "20080610 XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/493243/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application/" }, { "name": "glassfish-httplisteneredit-xss(47029)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47029" }, { "name": "30604", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30604" }, { "name": "29646", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29646" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5266", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "4659", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4659" }, { "name": "20080610 XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493243/100/0/threaded" }, { "name": "http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application/", "refsource": "MISC", "url": "http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application/" }, { "name": "glassfish-httplisteneredit-xss(47029)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47029" }, { "name": "30604", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30604" }, { "name": "29646", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29646" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5266", "datePublished": "2008-11-28T18:26:00", "dateReserved": "2008-11-28T00:00:00", "dateUpdated": "2024-08-07T10:49:12.065Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2501
Vulnerability from cvelistv5
Published
2006-05-20 02:59
Modified
2024-08-07 17:51
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/18035 | vdb-entry, x_refsource_BID | |
http://securitytracker.com/id?1016125 | vdb-entry, x_refsource_SECTRACK | |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1 | vendor-advisory, x_refsource_SUNALERT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/26550 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/20147 | third-party-advisory, x_refsource_SECUNIA | |
http://securitytracker.com/id?1016126 | vdb-entry, x_refsource_SECTRACK | |
http://jvn.jp/jp/JVN%2303D5EAA8/index.html | third-party-advisory, x_refsource_JVN | |
http://www.vupen.com/english/advisories/2006/1866 | vdb-entry, x_refsource_VUPEN | |
http://www.kb.cert.org/vuls/id/114956 | third-party-advisory, x_refsource_CERT-VN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:51:04.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18035", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18035" }, { "name": "1016125", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016125" }, { "name": "102164", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1" }, { "name": "sun-java-system-xss(26550)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26550" }, { "name": "20147", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20147" }, { "name": "1016126", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016126" }, { "name": "JVN#03D5EAA8", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/jp/JVN%2303D5EAA8/index.html" }, { "name": "ADV-2006-1866", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1866" }, { "name": "VU#114956", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/114956" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System 
Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18035", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18035" }, { "name": "1016125", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016125" }, { "name": "102164", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1" }, { "name": "sun-java-system-xss(26550)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26550" }, { "name": "20147", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20147" }, { "name": "1016126", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016126" }, { "name": "JVN#03D5EAA8", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/jp/JVN%2303D5EAA8/index.html" }, { "name": "ADV-2006-1866", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1866" }, { "name": "VU#114956", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/114956" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2501", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", 
"data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18035", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18035" }, { "name": "1016125", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016125" }, { "name": "102164", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1" }, { "name": "sun-java-system-xss(26550)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26550" }, { "name": "20147", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20147" }, { "name": "1016126", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016126" }, { "name": "JVN#03D5EAA8", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2303D5EAA8/index.html" }, { "name": "ADV-2006-1866", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1866" }, { "name": "VU#114956", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/114956" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2501", "datePublished": "2006-05-20T02:59:00", "dateReserved": "2006-05-19T00:00:00", "dateUpdated": "2024-08-07T17:51:04.527Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0826
Vulnerability from cvelistv5
Published
2004-09-02 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/11015 | vdb-entry, x_refsource_BID | |
http://xforce.iss.net/xforce/alerts/id/180 | third-party-advisory, x_refsource_ISS | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16314 | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=109351293827731&w=2 | vendor-advisory, x_refsource_HP |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:47.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11015", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11015" }, { "name": "20040823 Netscape NSS Library Remote Compromise", "tags": [ "third-party-advisory", "x_refsource_ISS", "x_transferred" ], "url": "http://xforce.iss.net/xforce/alerts/id/180" }, { "name": "sslv2-client-hello-overflow(16314)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16314" }, { "name": "SSRT4779", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-08-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "11015", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11015" }, { "name": "20040823 Netscape NSS Library Remote Compromise", "tags": [ "third-party-advisory", "x_refsource_ISS" ], "url": "http://xforce.iss.net/xforce/alerts/id/180" }, { "name": "sslv2-client-hello-overflow(16314)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16314" }, { "name": "SSRT4779", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0826", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11015", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11015" }, { "name": "20040823 Netscape NSS Library Remote Compromise", "refsource": "ISS", "url": "http://xforce.iss.net/xforce/alerts/id/180" }, { "name": "sslv2-client-hello-overflow(16314)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16314" }, { "name": "SSRT4779", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0826", "datePublished": "2004-09-02T04:00:00", "dateReserved": "2004-08-27T00:00:00", "dateUpdated": "2024-08-08T00:31:47.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-3155
Vulnerability from cvelistv5
Published
2012-10-16 23:00
Modified
2024-08-06 19:57
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB.
References
▼ | URL | Tags |
---|---|---|
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/56073 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id?1027676 | vdb-entry, x_refsource_SECTRACK | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | vendor-advisory, x_refsource_MANDRIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:57:49.846Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" }, { "name": "56073", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56073" }, { "name": "1027676", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027676" }, { "name": "MDVSA-2013:150", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-10-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-02-07T10:00:00", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" }, { "name": "56073", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56073" }, { "name": "1027676", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027676" }, { "name": "MDVSA-2013:150", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2012-3155", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" }, { "name": "56073", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56073" }, { "name": "1027676", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027676" }, { "name": "MDVSA-2013:150", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2012-3155", "datePublished": "2012-10-16T23:00:00", "dateReserved": "2012-06-06T00:00:00", "dateUpdated": "2024-08-06T19:57:49.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5153
Vulnerability from cvelistv5
Published
2007-10-01 00:00
Modified
2024-08-07 15:24
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors.
References
URL | Tags | |
---|---|---|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1 | vendor-advisory, x_refsource_SUNALERT | |
http://www.vupen.com/english/advisories/2007/3282 | vdb-entry, x_refsource_VUPEN | |
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1 | vendor-advisory, x_refsource_SUNALERT | |
http://securitytracker.com/id?1018753 | vdb-entry, x_refsource_SECTRACK | |
http://osvdb.org/37757 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36847 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/26976 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/25842 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:24:40.927Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103069", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1" }, { "name": "ADV-2007-3282", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3282" }, { "name": "200839", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1" }, { "name": "1018753", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1018753" }, { "name": "37757", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37757" }, { "name": "sun-jsam-container-code-execution(36847)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36847" }, { "name": "26976", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26976" }, { "name": "25842", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25842" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "103069", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1" }, { "name": "ADV-2007-3282", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3282" }, { "name": "200839", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1" }, { "name": "1018753", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1018753" }, { "name": "37757", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37757" }, { "name": "sun-jsam-container-code-execution(36847)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36847" }, { "name": "26976", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26976" }, { "name": "25842", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25842" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5153", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "103069", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1" }, { "name": "ADV-2007-3282", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3282" }, { "name": "200839", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1" }, { "name": "1018753", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018753" }, { "name": "37757", "refsource": "OSVDB", "url": "http://osvdb.org/37757" }, { "name": "sun-jsam-container-code-execution(36847)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36847" }, { "name": "26976", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26976" }, { "name": "25842", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25842" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5153", "datePublished": "2007-10-01T00:00:00", "dateReserved": "2007-09-30T00:00:00", "dateUpdated": "2024-08-07T15:24:40.927Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0386
Vulnerability from cvelistv5
Published
2010-01-25 19:00
Modified
2024-09-16 19:47
Severity ?
EPSS score ?
Summary
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
References
URL | Tags | |
---|---|---|
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1 | vendor-advisory, x_refsource_SUNALERT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:45:12.169Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "200942", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-01-25T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "200942", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0386", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and 
CVE-2005-3398." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "200942", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0386", "datePublished": "2010-01-25T19:00:00Z", "dateReserved": "2010-01-25T00:00:00Z", "dateUpdated": "2024-09-16T19:47:21.818Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-3225
Vulnerability from cvelistv5
Published
2006-06-26 16:00
Modified
2024-08-07 18:23
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/20835 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/18635 | vdb-entry, x_refsource_BID | |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102479-1 | vendor-advisory, x_refsource_SUNALERT | |
http://www.vupen.com/english/advisories/2006/2508 | vdb-entry, x_refsource_VUPEN | |
http://securitytracker.com/id?1016378 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/27392 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:23:20.847Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20835", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20835" }, { "name": "18635", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18635" }, { "name": "102479", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102479-1" }, { "name": "ADV-2006-2508", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2508" }, { "name": "1016378", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016378" }, { "name": "sun-java-parameters-xss(27392)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27392" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20835", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20835" }, { "name": "18635", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18635" }, { "name": "102479", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102479-1" }, { "name": "ADV-2006-2508", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2508" }, { "name": "1016378", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016378" }, { "name": "sun-java-parameters-xss(27392)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27392" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3225", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20835", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20835" }, { "name": "18635", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18635" }, { "name": "102479", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102479-1" }, { "name": "ADV-2006-2508", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2508" }, { "name": "1016378", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016378" }, { "name": "sun-java-parameters-xss(27392)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27392" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3225", "datePublished": "2006-06-26T16:00:00", "dateReserved": "2006-06-26T00:00:00", "dateUpdated": "2024-08-07T18:23:20.847Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3715
Vulnerability from cvelistv5
Published
2007-07-11 23:00
Modified
2024-08-07 14:28
Severity ?
EPSS score ?
Summary
Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/archive/1/473552/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/26023 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/archive/1/473553/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/35335 | vdb-entry, x_refsource_XF | |
http://www.isecpartners.com/advisories/2007-04-dsig.txt | x_refsource_MISC | |
http://osvdb.org/37248 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/24850 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2007/2493 | vdb-entry, x_refsource_VUPEN | |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1 | vendor-advisory, x_refsource_SUNALERT | |
http://www.vupen.com/english/advisories/2007/2785 | vdb-entry, x_refsource_VUPEN | |
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1 | vendor-advisory, x_refsource_SUNALERT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:28:51.968Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070712 Command Injection in XML Digital Signatures", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/473552/100/0/threaded" }, { "name": "26023", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26023" }, { "name": "20070712 Whitepaper: Command Injection in XML Digital Signatures and Encryption", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/473553/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf" }, { "name": "sunjava-xsltstylesheets-code-execution(35335)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35335" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.isecpartners.com/advisories/2007-04-dsig.txt" }, { "name": "37248", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37248" }, { "name": "24850", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24850" }, { "name": "ADV-2007-2493", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2493" }, { "name": "102992", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1" }, { "name": "ADV-2007-2785", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2785" }, { "name": "200054", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", 
"x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070712 Command Injection in XML Digital Signatures", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/473552/100/0/threaded" }, { "name": "26023", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26023" }, { "name": "20070712 Whitepaper: Command Injection in XML Digital Signatures and Encryption", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/473553/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf" }, { "name": "sunjava-xsltstylesheets-code-execution(35335)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35335" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.isecpartners.com/advisories/2007-04-dsig.txt" }, { "name": "37248", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37248" }, { "name": "24850", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": 
"http://www.securityfocus.com/bid/24850" }, { "name": "ADV-2007-2493", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2493" }, { "name": "102992", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1" }, { "name": "ADV-2007-2785", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2785" }, { "name": "200054", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3715", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070712 Command Injection in XML Digital Signatures", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/473552/100/0/threaded" }, { "name": "26023", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26023" }, { "name": "20070712 Whitepaper: Command Injection in XML Digital Signatures and Encryption", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/473553/100/0/threaded" }, { "name": "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf", "refsource": "MISC", "url": "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf" }, { "name": "sunjava-xsltstylesheets-code-execution(35335)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35335" }, { "name": "http://www.isecpartners.com/advisories/2007-04-dsig.txt", "refsource": "MISC", "url": "http://www.isecpartners.com/advisories/2007-04-dsig.txt" }, { "name": "37248", "refsource": "OSVDB", "url": "http://osvdb.org/37248" }, { "name": "24850", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24850" }, { "name": "ADV-2007-2493", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2493" }, { "name": "102992", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1" }, { "name": "ADV-2007-2785", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2785" }, { "name": "200054", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3715", "datePublished": "2007-07-11T23:00:00", "dateReserved": "2007-07-11T00:00:00", "dateUpdated": "2024-08-07T14:28:51.968Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0807
Vulnerability from cvelistv5
Published
2011-04-20 03:09
Modified
2024-08-06 22:05
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.
References
URL | Tags | |
---|---|---|
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html | x_refsource_CONFIRM | |
http://securityreason.com/securityalert/8327 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:05:53.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "name": "8327", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8327" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-22T09:00:00", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "name": "8327", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8327" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2011-0807", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Oracle Sun GlassFish 
Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "name": "8327", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8327" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2011-0807", "datePublished": "2011-04-20T03:09:00", "dateReserved": "2011-02-04T00:00:00", "dateUpdated": "2024-08-06T22:05:53.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5152
Vulnerability from cvelistv5
Published
2007-10-01 00:00
Modified
2024-08-07 15:24
Severity ?
EPSS score ?
Summary
Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks.
References
URL | Tags | |
---|---|---|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1 | vendor-advisory, x_refsource_SUNALERT | |
http://www.vupen.com/english/advisories/2007/3282 | vdb-entry, x_refsource_VUPEN | |
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1 | vendor-advisory, x_refsource_SUNALERT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36846 | vdb-entry, x_refsource_XF | |
http://osvdb.org/37758 | vdb-entry, x_refsource_OSVDB | |
http://www.securitytracker.com/id?1018753 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/26976 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/25842 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:24:41.743Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103069", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1" }, { "name": "ADV-2007-3282", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3282" }, { "name": "200839", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1" }, { "name": "sun-jsam-container-security-bypass(36846)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36846" }, { "name": "37758", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37758" }, { "name": "1018753", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018753" }, { "name": "26976", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26976" }, { "name": "25842", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25842" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "103069", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1" }, { "name": "ADV-2007-3282", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3282" }, { "name": "200839", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1" }, { "name": "sun-jsam-container-security-bypass(36846)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36846" }, { "name": "37758", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37758" }, { "name": "1018753", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018753" }, { "name": "26976", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26976" }, { "name": "25842", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25842" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5152", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative 
tasks." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "103069", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1" }, { "name": "ADV-2007-3282", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3282" }, { "name": "200839", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1" }, { "name": "sun-jsam-container-security-bypass(36846)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36846" }, { "name": "37758", "refsource": "OSVDB", "url": "http://osvdb.org/37758" }, { "name": "1018753", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018753" }, { "name": "26976", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26976" }, { "name": "25842", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25842" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5152", "datePublished": "2007-10-01T00:00:00", "dateReserved": "2007-09-30T00:00:00", "dateUpdated": "2024-08-07T15:24:41.743Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2216
Vulnerability from cvelistv5
Published
2005-07-17 04:00
Modified
2024-08-08 01:22
Summary
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.
References
URL | Tags | |
---|---|---|
http://www.osvdb.org/11383 | vdb-entry, x_refsource_OSVDB | |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57669-1 | vendor-advisory, x_refsource_SUNALERT | |
http://www.securityfocus.com/bid/11593 | vdb-entry, x_refsource_BID | |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101589-1 | vendor-advisory, x_refsource_SUNALERT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17941 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/13072 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:12.837Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11383", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/11383" }, { "name": "57669", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57669-1" }, { "name": "11593", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11593" }, { "name": "101589", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101589-1" }, { "name": "sun-java-web-application-dos(17941)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17941" }, { "name": "13072", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13072" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-11-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "11383", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/11383" }, { "name": "57669", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57669-1" }, { "name": "11593", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11593" }, { "name": "101589", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101589-1" }, { "name": "sun-java-web-application-dos(17941)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17941" }, { "name": "13072", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13072" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2216", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11383", "refsource": "OSVDB", "url": "http://www.osvdb.org/11383" }, { "name": "57669", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57669-1" }, { "name": "11593", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11593" }, { "name": "101589", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101589-1" }, { "name": "sun-java-web-application-dos(17941)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17941" }, { "name": "13072", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13072" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2216", "datePublished": "2005-07-17T04:00:00", "dateReserved": "2005-07-17T00:00:00", "dateUpdated": "2024-08-08T01:22:12.837Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2120
Vulnerability from cvelistv5
Published
2008-05-09 15:00
Modified
2024-08-07 08:49
Summary
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors.
References
URL | Tags | |
---|---|---|
http://www.securitytracker.com/id?1019986 | vdb-entry, x_refsource_SECTRACK | |
http://www.securitytracker.com/id?1019985 | vdb-entry, x_refsource_SECTRACK | |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1 | vendor-advisory, x_refsource_SUNALERT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/42266 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/30122 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2008/1457/references | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/29088 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:49:57.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1019986", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019986" }, { "name": "1019985", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019985" }, { "name": "201255", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1" }, { "name": "javasystem-jsp-information-disclosure(42266)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42266" }, { "name": "30122", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30122" }, { "name": "ADV-2008-1457", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1457/references" }, { "name": "29088", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29088" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1019986", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019986" }, { "name": "1019985", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019985" }, { "name": "201255", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1" }, { "name": "javasystem-jsp-information-disclosure(42266)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42266" }, { "name": "30122", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30122" }, { "name": "ADV-2008-1457", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1457/references" }, { "name": "29088", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29088" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2120", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1019986", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019986" }, { "name": "1019985", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019985" }, { "name": "201255", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1" }, { "name": "javasystem-jsp-information-disclosure(42266)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42266" }, { "name": "30122", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30122" }, { "name": "ADV-2008-1457", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1457/references" }, { "name": "29088", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29088" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2120", "datePublished": "2008-05-09T15:00:00", "dateReserved": "2008-05-09T00:00:00", "dateUpdated": "2024-08-07T08:49:57.645Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-0278
Vulnerability from cvelistv5
Published
2009-01-27 02:00
Modified
2024-08-07 04:31
Summary
Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request.
References
URL | Tags | |
---|---|---|
http://osvdb.org/51604 | vdb-entry, x_refsource_OSVDB | |
http://www.vupen.com/english/advisories/2009/0208 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/48161 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/33397 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/33725 | third-party-advisory, x_refsource_SECUNIA | |
http://sunsolve.sun.com/search/document.do?assetkey=1-21-119166-35-1 | x_refsource_CONFIRM | |
http://sunsolve.sun.com/search/document.do?assetkey=1-66-245446-1 | vendor-advisory, x_refsource_SUNALERT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:31:25.482Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "51604", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/51604" }, { "name": "ADV-2009-0208", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0208" }, { "name": "javasystem-webinf-metainf-info-disclosure(48161)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48161" }, { "name": "33397", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/33397" }, { "name": "33725", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33725" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119166-35-1" }, { "name": "245446", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-245446-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-01-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "51604", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/51604" }, { "name": "ADV-2009-0208", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0208" }, { "name": "javasystem-webinf-metainf-info-disclosure(48161)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48161" }, { "name": "33397", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/33397" }, { "name": "33725", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33725" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119166-35-1" }, { "name": "245446", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-245446-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0278", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "51604", "refsource": "OSVDB", "url": "http://osvdb.org/51604" }, { "name": "ADV-2009-0208", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0208" }, { "name": "javasystem-webinf-metainf-info-disclosure(48161)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48161" }, { "name": "33397", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33397" }, { "name": "33725", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33725" }, { "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119166-35-1", "refsource": "CONFIRM", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119166-35-1" }, { "name": "245446", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-245446-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0278", "datePublished": "2009-01-27T02:00:00", "dateReserved": "2009-01-26T00:00:00", "dateUpdated": "2024-08-07T04:31:25.482Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6276
Vulnerability from cvelistv5
Published
2006-12-04 11:00
Modified
2024-08-07 20:19
Summary
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.
References
URL | Tags | |
---|---|---|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1 | vendor-advisory, x_refsource_SUNALERT | |
http://secunia.com/advisories/23186 | third-party-advisory, x_refsource_SECUNIA | |
http://securitytracker.com/id?1017324 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/30662 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2006/4793 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/21371 | vdb-entry, x_refsource_BID | |
http://securitytracker.com/id?1017323 | vdb-entry, x_refsource_SECTRACK | |
http://securitytracker.com/id?1017322 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:19:35.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102733", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1" }, { "name": "23186", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23186" }, { "name": "1017324", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017324" }, { "name": "sunserver-proxy-csrf(30662)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662" }, { "name": "ADV-2006-4793", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4793" }, { "name": "21371", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21371" }, { "name": "1017323", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017323" }, { "name": "1017322", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017322" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-30T00:00:00", "descriptions": [ { "lang": "en", "value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "102733", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1" }, { "name": "23186", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23186" }, { "name": "1017324", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017324" }, { "name": "sunserver-proxy-csrf(30662)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662" }, { "name": "ADV-2006-4793", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4793" }, { "name": "21371", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21371" }, { "name": "1017323", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017323" }, { "name": "1017322", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017322" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6276", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform 
cross-site scripting (XSS), and poison web caches via unspecified attack vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "102733", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1" }, { "name": "23186", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23186" }, { "name": "1017324", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017324" }, { "name": "sunserver-proxy-csrf(30662)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662" }, { "name": "ADV-2006-4793", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4793" }, { "name": "21371", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21371" }, { "name": "1017323", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017323" }, { "name": "1017322", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017322" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6276", "datePublished": "2006-12-04T11:00:00", "dateReserved": "2006-12-03T00:00:00", "dateUpdated": "2024-08-07T20:19:35.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-4805
Vulnerability from cvelistv5
Published
2006-05-25 10:00
Modified
2024-09-17 02:52
Summary
Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/17164 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/15084 | vdb-entry, x_refsource_BID | |
http://securitytracker.com/id?1015047 | vdb-entry, x_refsource_SECTRACK | |
http://www.osvdb.org/19950 | vdb-entry, x_refsource_OSVDB | |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101910-1 | vendor-advisory, x_refsource_SUNALERT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:01:23.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17164", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17164" }, { "name": "15084", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15084" }, { "name": "1015047", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015047" }, { "name": "19950", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/19950" }, { "name": "101910", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101910-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-05-25T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17164", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17164" }, { "name": "15084", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15084" }, { "name": "1015047", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015047" }, { "name": "19950", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/19950" }, { "name": "101910", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101910-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4805", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17164", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17164" }, { "name": "15084", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15084" }, { "name": "1015047", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015047" }, { "name": "19950", "refsource": "OSVDB", "url": "http://www.osvdb.org/19950" }, { "name": "101910", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101910-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4805", "datePublished": "2006-05-25T10:00:00Z", "dateReserved": "2006-05-25T00:00:00Z", "dateUpdated": "2024-09-17T02:52:20.046Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-0742
Vulnerability from cvelistv5
Published
2005-03-13 05:00
Modified
2024-08-07 21:21
Summary
Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/12775 | vdb-entry, x_refsource_BID | |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57742-1 | vendor-advisory, x_refsource_SUNALERT | |
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200314-1 | vendor-advisory, x_refsource_SUNALERT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:21:06.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "12775", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/12775" }, { "name": "57742", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57742-1" }, { "name": "200314", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200314-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-03-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "12775", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/12775" }, { "name": "57742", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57742-1" }, { "name": "200314", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200314-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0742", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "12775", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12775" }, { "name": "57742", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57742-1" }, { "name": "200314", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200314-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0742", "datePublished": "2005-03-13T05:00:00", "dateReserved": "2005-03-13T00:00:00", "dateUpdated": "2024-08-07T21:21:06.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-4046
Vulnerability from cvelistv5
Published
2005-12-07 11:00
Modified
2024-08-07 23:31
Summary
Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct man-in-the-middle (MITM) attacks and "compromise data privacy."
References
URL | Tags | |
---|---|---|
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102012-1 | vendor-advisory, x_refsource_SUNALERT | |
http://www.vupen.com/english/advisories/2005/2753 | vdb-entry, x_refsource_VUPEN | |
http://securitytracker.com/id?1015312 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/15728 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/17873 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:31:48.948Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102012", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102012-1" }, { "name": "ADV-2005-2753", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2753" }, { "name": "1015312", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015312" }, { "name": "15728", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15728" }, { "name": "17873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17873" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct man-in-the-middle (MITM) attacks and \"compromise data privacy.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-12-12T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "102012", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102012-1" }, { "name": "ADV-2005-2753", "tags": [ "vdb-entry", 
"x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2753" }, { "name": "1015312", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015312" }, { "name": "15728", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15728" }, { "name": "17873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17873" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4046", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct man-in-the-middle (MITM) attacks and \"compromise data privacy.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "102012", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102012-1" }, { "name": "ADV-2005-2753", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2753" }, { "name": "1015312", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015312" }, { "name": "15728", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15728" }, { "name": "17873", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17873" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", 
"assignerShortName": "mitre", "cveId": "CVE-2005-4046", "datePublished": "2005-12-07T11:00:00", "dateReserved": "2005-12-07T00:00:00", "dateUpdated": "2024-08-07T23:31:48.948Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2751
Vulnerability from cvelistv5
Published
2008-06-18 19:29
Modified
2024-08-07 09:14
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, or (4) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (a) resourceNode/customResourceNew.jsf; the (5) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (6) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (7) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, (8) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiLookupProp:jndiLookup, or (9) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (b) resourceNode/externalResourceNew.jsf; the (10) propertyForm:propertySheet:propertSectionTextField:jndiProp:Jndi, (11) propertyForm:propertySheet:propertSectionTextField:nameProp:name, or (12) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (c) resourceNode/jmsDestinationNew.jsf; the (13) propertyForm:propertySheet:generalPropertySheet:jndiProp:Jndi or (14) propertyForm:propertySheet:generalPropertySheet:descProp:cd parameter to (d) resourceNode/jmsConnectionNew.jsf; the (15) propertyForm:propertySheet:propertSectionTextField:jndiProp:jnditext or (16) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (e) resourceNode/jdbcResourceNew.jsf; the (17) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:nameProp:name, (18) 
propertyForm:propertyContentPage:propertySheet:propertSectionTextField:classNameProp:classname, or (19) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:loadOrderProp:loadOrder parameter to (f) applications/lifecycleModulesNew.jsf; or the (20) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:jndiProp:name, (21) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:resTypeProp:resType, or (22) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:dbProp:db parameter to (g) resourceNode/jdbcConnectionPoolNew1.jsf.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/archive/1/493370/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/42989 | vdb-entry, x_refsource_XF | |
http://securityreason.com/securityalert/3949 | third-party-advisory, x_refsource_SREASON | |
http://www.securityfocus.com/bid/29751 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:14:14.695Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20080614 Muitiple XSS - Glassfish Web Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/493370/100/0/threaded" }, { "name": "glassfish-multiple-scripts-xss(42989)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42989" }, { "name": "3949", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3949" }, { "name": "29751", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29751" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-06-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, or (4) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (a) resourceNode/customResourceNew.jsf; the (5) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (6) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (7) 
propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, (8) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiLookupProp:jndiLookup, or (9) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (b) resourceNode/externalResourceNew.jsf; the (10) propertyForm:propertySheet:propertSectionTextField:jndiProp:Jndi, (11) propertyForm:propertySheet:propertSectionTextField:nameProp:name, or (12) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (c) resourceNode/jmsDestinationNew.jsf; the (13) propertyForm:propertySheet:generalPropertySheet:jndiProp:Jndi or (14) propertyForm:propertySheet:generalPropertySheet:descProp:cd parameter to (d) resourceNode/jmsConnectionNew.jsf; the (15) propertyForm:propertySheet:propertSectionTextField:jndiProp:jnditext or (16) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (e) resourceNode/jdbcResourceNew.jsf; the (17) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:nameProp:name, (18) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:classNameProp:classname, or (19) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:loadOrderProp:loadOrder parameter to (f) applications/lifecycleModulesNew.jsf; or the (20) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:jndiProp:name, (21) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:resTypeProp:resType, or (22) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:dbProp:db parameter to (g) resourceNode/jdbcConnectionPoolNew1.jsf." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20080614 Muitiple XSS - Glassfish Web Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/493370/100/0/threaded" }, { "name": "glassfish-multiple-scripts-xss(42989)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42989" }, { "name": "3949", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3949" }, { "name": "29751", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29751" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2751", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, or (4) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (a) 
resourceNode/customResourceNew.jsf; the (5) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (6) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (7) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, (8) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiLookupProp:jndiLookup, or (9) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (b) resourceNode/externalResourceNew.jsf; the (10) propertyForm:propertySheet:propertSectionTextField:jndiProp:Jndi, (11) propertyForm:propertySheet:propertSectionTextField:nameProp:name, or (12) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (c) resourceNode/jmsDestinationNew.jsf; the (13) propertyForm:propertySheet:generalPropertySheet:jndiProp:Jndi or (14) propertyForm:propertySheet:generalPropertySheet:descProp:cd parameter to (d) resourceNode/jmsConnectionNew.jsf; the (15) propertyForm:propertySheet:propertSectionTextField:jndiProp:jnditext or (16) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (e) resourceNode/jdbcResourceNew.jsf; the (17) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:nameProp:name, (18) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:classNameProp:classname, or (19) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:loadOrderProp:loadOrder parameter to (f) applications/lifecycleModulesNew.jsf; or the (20) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:jndiProp:name, (21) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:resTypeProp:resType, or (22) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:dbProp:db parameter to (g) resourceNode/jdbcConnectionPoolNew1.jsf." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20080614 Muitiple XSS - Glassfish Web Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493370/100/0/threaded" }, { "name": "glassfish-multiple-scripts-xss(42989)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42989" }, { "name": "3949", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3949" }, { "name": "29751", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29751" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2751", "datePublished": "2008-06-18T19:29:00", "dateReserved": "2008-06-18T00:00:00", "dateUpdated": "2024-08-07T09:14:14.695Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-3921
Vulnerability from cvelistv5
Published
2006-07-28 23:00
Modified
2024-08-07 18:48
Summary
Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/22425 | third-party-advisory, x_refsource_SECUNIA | |
http://securitytracker.com/id?1016596 | vdb-entry, x_refsource_SECTRACK | |
http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/28061 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/21251 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/19200 | vdb-entry, x_refsource_BID | |
http://securitytracker.com/id?1016597 | vdb-entry, x_refsource_SECTRACK | |
http://www.vupen.com/english/advisories/2006/3020 | vdb-entry, x_refsource_VUPEN | |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1 | vendor-advisory, x_refsource_SUNALERT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:48:39.274Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "22425", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22425" }, { "name": "1016596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016596" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm" }, { "name": "sun-java-utf8-file-disclosure(28061)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28061" }, { "name": "21251", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21251" }, { "name": "19200", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19200" }, { "name": "1016597", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016597" }, { "name": "ADV-2006-3020", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3020" }, { "name": "102521", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the \"document root directory\" via a direct request using a UTF-8 encoded URI." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "22425", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22425" }, { "name": "1016596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016596" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm" }, { "name": "sun-java-utf8-file-disclosure(28061)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28061" }, { "name": "21251", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21251" }, { "name": "19200", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19200" }, { "name": "1016597", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016597" }, { "name": "ADV-2006-3020", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3020" }, { "name": "102521", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3921", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to 
read files outside of the \"document root directory\" via a direct request using a UTF-8 encoded URI." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "22425", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22425" }, { "name": "1016596", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016596" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm" }, { "name": "sun-java-utf8-file-disclosure(28061)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28061" }, { "name": "21251", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21251" }, { "name": "19200", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19200" }, { "name": "1016597", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016597" }, { "name": "ADV-2006-3020", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3020" }, { "name": "102521", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3921", "datePublished": "2006-07-28T23:00:00", "dateReserved": "2006-07-28T00:00:00", "dateUpdated": "2024-08-07T18:48:39.274Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-4804
Vulnerability from cvelistv5
Published
2006-05-25 10:00
Modified
2024-08-08 00:01
Summary
Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/16802 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/22261 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2005/1733 | vdb-entry, x_refsource_VUPEN | |
http://www.ciac.org/ciac/bulletins/p-305.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101905-1 | vendor-advisory, x_refsource_SUNALERT | |
http://www.securityfocus.com/bid/14823 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:01:23.177Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "16802", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16802" }, { "name": "sun-java-jar-file-information-disclosure(22261)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22261" }, { "name": "ADV-2005-1733", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/1733" }, { "name": "P-305", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/p-305.shtml" }, { "name": "101905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101905-1" }, { "name": "14823", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14823" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "16802", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16802" }, { "name": "sun-java-jar-file-information-disclosure(22261)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22261" }, { "name": "ADV-2005-1733", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/1733" }, { "name": "P-305", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/p-305.shtml" }, { "name": "101905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101905-1" }, { "name": "14823", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14823" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4804", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "16802", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16802" }, { "name": "sun-java-jar-file-information-disclosure(22261)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22261" }, { "name": "ADV-2005-1733", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/1733" }, { "name": "P-305", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/p-305.shtml" }, { "name": "101905", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101905-1" }, { "name": "14823", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14823" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4804", "datePublished": "2006-05-25T10:00:00", "dateReserved": "2006-05-25T00:00:00", "dateUpdated": "2024-08-08T00:01:23.177Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2008-06-18 19:41
Modified
2024-11-21 00:47
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, or (4) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (a) resourceNode/customResourceNew.jsf; the (5) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (6) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (7) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, (8) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiLookupProp:jndiLookup, or (9) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (b) resourceNode/externalResourceNew.jsf; the (10) propertyForm:propertySheet:propertSectionTextField:jndiProp:Jndi, (11) propertyForm:propertySheet:propertSectionTextField:nameProp:name, or (12) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (c) resourceNode/jmsDestinationNew.jsf; the (13) propertyForm:propertySheet:generalPropertySheet:jndiProp:Jndi or (14) propertyForm:propertySheet:generalPropertySheet:descProp:cd parameter to (d) resourceNode/jmsConnectionNew.jsf; the (15) propertyForm:propertySheet:propertSectionTextField:jndiProp:jnditext or (16) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (e) resourceNode/jdbcResourceNew.jsf; the (17) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:nameProp:name, (18) 
propertyForm:propertyContentPage:propertySheet:propertSectionTextField:classNameProp:classname, or (19) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:loadOrderProp:loadOrder parameter to (f) applications/lifecycleModulesNew.jsf; or the (20) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:jndiProp:name, (21) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:resTypeProp:resType, or (22) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:dbProp:db parameter to (g) resourceNode/jdbcConnectionPoolNew1.jsf.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | glassfish_server | 1.0 | |
oracle | glassfish_server | 1.0 | |
oracle | glassfish_server | 1.0 | |
oracle | glassfish_server | 2.0 | |
oracle | glassfish_server | 2.1 | |
oracle | glassfish_server | 2.1.1 | |
oracle | glassfish_server | 3.0 | |
oracle | glassfish_server | 3.0.1 | |
sun | java_system_application_server | 9.1_01 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:glassfish_server:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "772D2025-C240-45A5-9B55-2B7F5331444D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:glassfish_server:1.0:ur1:*:*:*:*:*:*", "matchCriteriaId": "3152B8B7-3B48-492A-8A9E-3DD6638679EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:glassfish_server:1.0:ur1_po1:*:*:*:*:*:*", "matchCriteriaId": "CAFDA3BE-54A3-49F3-ABF1-76437AD2DBB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:glassfish_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C6AD5FD-8A44-4184-B5F5-9FC0DF24B475", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:glassfish_server:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBDD6781-CF9E-4ED3-861F-99217EE0711C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0E80F5AC-A2EF-4D8A-AE8F-5DD0FF9B48C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:glassfish_server:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B2813A2-A847-45F5-80C9-95E1D82C36FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A56AAEB5-E5A5-44A4-8B82-0C465122F2C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:9.1_01:*:*:*:*:*:*:*", "matchCriteriaId": "19499B09-D94F-4675-8FCA-D75E4EAD0208", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) 
propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, or (4) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (a) resourceNode/customResourceNew.jsf; the (5) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (6) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (7) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, (8) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiLookupProp:jndiLookup, or (9) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc parameter to (b) resourceNode/externalResourceNew.jsf; the (10) propertyForm:propertySheet:propertSectionTextField:jndiProp:Jndi, (11) propertyForm:propertySheet:propertSectionTextField:nameProp:name, or (12) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (c) resourceNode/jmsDestinationNew.jsf; the (13) propertyForm:propertySheet:generalPropertySheet:jndiProp:Jndi or (14) propertyForm:propertySheet:generalPropertySheet:descProp:cd parameter to (d) resourceNode/jmsConnectionNew.jsf; the (15) propertyForm:propertySheet:propertSectionTextField:jndiProp:jnditext or (16) propertyForm:propertySheet:propertSectionTextField:descProp:desc parameter to (e) resourceNode/jdbcResourceNew.jsf; the (17) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:nameProp:name, (18) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:classNameProp:classname, or (19) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:loadOrderProp:loadOrder parameter to (f) applications/lifecycleModulesNew.jsf; or the (20) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:jndiProp:name, (21) 
propertyForm:propertyContentPage:propertySheet:generalPropertySheet:resTypeProp:resType, or (22) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:dbProp:db parameter to (g) resourceNode/jdbcConnectionPoolNew1.jsf." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en la interfaz webadmin de Glassfish en Java System Application Server de Sun versi\u00f3n 9.1_01, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (3) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, o (4) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc en (a) el archivo resourceNode/customResourceNew.jsf; el par\u00e1metro (5) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (6) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:resTypeProp:resType, (7) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:factoryClassProp:factoryClass, (8) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiLookupProp:jndiLookup, o (9) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:descProp:desc en (b) el archivo resourceNode/externalResourceNew.jsf; el par\u00e1metro (10) propertyForm:propertySheet:propertSectionTextField:jndiProp:Jndi, (11) propertyForm:propertySheet:propertSectionTextField:nameProp:name, o (12) propertyForm:propertySheet:propertSectionTextField:descProp:desc en (c) el archivo resourceNode/jmsDestinationNew.jsf; el par\u00e1metro (13) propertyForm:propertySheet:generalPropertySheet:jndiProp:Jndi o (14) propertyForm:propertySheet:generalPropertySheet:descProp:cd en (d) el archivo 
resourceNode/jmsConnectionNew.jsf; el par\u00e1metro (15) propertyForm:propertySheet:propertSectionTextField:jndiProp:jnditext o (16) propertyForm:propertySheet:propertSectionTextField:descProp:desc en (e) el archivo resourceNode/jdbcResourceNew.jsf; el par\u00e1metro (17) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:nameProp:name, (18) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:classNameProp:classname, o (19) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:loadOrderProp:loadOrder en (f) el archivo applications/lifecycleModulesNew.jsf; o el par\u00e1metro (20) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:jndiProp:name, (21) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:resTypeProp:resType, o (22) propertyForm:propertyContentPage:propertySheet:generalPropertySheet:dbProp:db en (g) el archivo resourceNode/jdbcConnectionPoolNew1.jsf." } ], "id": "CVE-2008-2751", "lastModified": "2024-11-21T00:47:36.660", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-06-18T19:41:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3949" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/493370/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29751" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/42989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/493370/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42989" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-28 19:00
Modified
2024-11-21 00:53
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sun | java_system_application_server | 9.1_01 | |
sun | java_system_application_server | 9.1_02 | |
oracle | glassfish_server | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_application_server:9.1_01:b09d-fcs:*:*:*:*:*:*", "matchCriteriaId": "4D4530B8-D1CC-4FCF-996B-65564B2543F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:9.1_02:b04-fcs:*:*:*:*:*:*", "matchCriteriaId": "250D23D8-7897-4391-9B2B-278B2579DD1C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:glassfish_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C6AD5FD-8A44-4184-B5F5-9FC0DF24B475", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en configuration/httpListenerEdit.jsf en la interfaz GlassFish 2 UR2 b04 webadmin en Sun Java System Application Server v9.1_01 build b09d-fcs y v9.1_02 build b04-fcs permite a atacantes remotos inyectar web script o HTML a trav\u00e9s del par\u00e1metro \"name\", un vector diferente a CVE-2008-2751." 
} ], "id": "CVE-2008-5266", "lastModified": "2024-11-21T00:53:41.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-11-28T19:00:08.360", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30604" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4659" }, { "source": "cve@mitre.org", "url": "http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/493243/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29646" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4659" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/493243/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29646" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47029" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-11 23:30
Modified
2024-11-21 00:33
Severity ?
Summary
Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise:*:*:*:*:*", "matchCriteriaId": "0515F299-43E6-4957-A086-607DEC1F6C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise_linux:*:*:*:*:*", "matchCriteriaId": "95D68A65-BEE4-4043-95E8-0A113B33AD1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise_sparc:*:*:*:*:*", "matchCriteriaId": "8481AAD3-EC42-475B-AD1B-BD99AC13BA68", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise_windows:*:*:*:*:*", "matchCriteriaId": "6A13968A-99F0-439C-BCA5-7002AC7A2E48", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise_x86:*:*:*:*:*", "matchCriteriaId": "D837D07F-E675-421C-8BD0-B774881A1B79", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform:*:*:*:*:*", "matchCriteriaId": "B05BB1F3-1324-4070-802B-E61B76888391", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform_linux:*:*:*:*:*", "matchCriteriaId": "7B74A192-69A9-4732-80E6-803E042477ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform_sparc:*:*:*:*:*", "matchCriteriaId": "8F900745-5E01-47AE-A752-3E4A63CE96D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform_windows:*:*:*:*:*", "matchCriteriaId": "C82607CC-0873-4ED0-BCC4-D5080673E898", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform_x86:*:*:*:*:*", "matchCriteriaId": "EC1D162B-C6DB-4B5D-82E7-C3E2F2D4B18D", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:9.0:*:platform:*:*:*:*:*", "matchCriteriaId": "A4852722-FF63-47A5-B227-02271B565CBA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sun:java_system_application_server:9.0:*:platform_linux:*:*:*:*:*", "matchCriteriaId": "3DACAFF0-17BD-4DEA-8D95-34C9A265320C", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:9.0:*:platform_sparc:*:*:*:*:*", "matchCriteriaId": "6DF7FCB5-7322-492E-97DD-A34DDEF1457B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:9.0:*:platform_windows:*:*:*:*:*", "matchCriteriaId": "C7EA87D0-778A-4C09-A069-81CF0D767B89", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:9.0:*:platform_x86:*:*:*:*:*", "matchCriteriaId": "0FC6726C-9A14-4E5D-AE46-171D286B0889", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFAA741F-6B77-44E5-8B84-AB5E49901BD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:hp_ux:*:*:*:*:*", "matchCriteriaId": "134929FE-2EBA-4B55-904F-111A658160F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:linux:*:*:*:*:*", "matchCriteriaId": "4AB42DB5-10BA-454E-A9F5-A0581BD21FA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "53671389-3822-41CD-ABC9-DC19871579AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:windows:*:*:*:*:*", "matchCriteriaId": "F69C48CB-A038-431D-ABE4-A216E5283266", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:x86:*:*:*:*:*", "matchCriteriaId": "6EEB898B-0036-4B7B-B15A-595487D09D72", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related 
issue to CVE-2007-3716." }, { "lang": "es", "value": "Sun Java System Application Server y Web Server versiones 7.0 hasta 9.0 anterior al 20070710, no procesan apropiadamente las hojas de estilo XSLT en las transformaciones de XSLT en firmas XML, lo que permite a atacantes dependiendo del contexto ejecutar un m\u00e9todo Java arbitrario por medio de una hoja de estilo dise\u00f1ada, un problema relacionado con CVE-2007-3716." } ], "id": "CVE-2007-3715", "lastModified": "2024-11-21T00:33:53.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-07-11T23:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/37248" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26023" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1" }, { "source": "cve@mitre.org", "url": "http://www.isecpartners.com/advisories/2007-04-dsig.txt" }, { "source": "cve@mitre.org", "url": "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/473552/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/473553/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24850" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/2493" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/2785" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37248" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.isecpartners.com/advisories/2007-04-dsig.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/473552/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/473553/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24850" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/2493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/2785" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35335" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-01 05:17
Modified
2024-11-21 00:37
Severity ?
Summary
Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sun | java_system_access_manager | 7.1 | |
sun | java_system_access_manager | 7.1 | |
sun | java_system_access_manager | 7.1 | |
sun | java_system_access_manager | 7.1 | |
sun | java_system_access_manager | 7.1 | |
sun | java_system_application_server | 8.1 | |
sun | java_system_application_server | 8.1 | |
sun | java_system_application_server | 8.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:hp-ux:*:*:*:*:*", "matchCriteriaId": "589D3B3E-4F22-42B5-ADF1-C0537F85C4F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:linux:*:*:*:*:*", "matchCriteriaId": "4CCDA95C-0EFF-4CF4-8CC6-EF110F0DAE76", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_sparc:*:*:*:*:*", "matchCriteriaId": "F73D1848-D765-46B8-9B61-4A7A351CA6A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_x86:*:*:*:*:*", "matchCriteriaId": "51834E30-6780-433E-9146-C4B8DEFF7CF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*", "matchCriteriaId": "36C5F1CB-FEDE-4C19-B056-C846C86FDE8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "721D0068-2664-4E92-9D96-9007F2120450", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:ur1:*:*:*:*:*:*", "matchCriteriaId": "EE7DD0A3-0001-45B0-BACB-A1388D754D6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E37E6C23-C834-40EE-BC54-48D11DBCEC0E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Sun Java System Access Manager 7.1, cuando se instala en un contenedor Sun Java System Application Server 8.x, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2007-5153", "lastModified": "2024-11-21T00:37:15.583", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-01T05:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/37757" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26976" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018753" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25842" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3282" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37757" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26976" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36847" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-07 11:03
Modified
2024-11-21 00:03
Severity ?
Summary
Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct man-in-the-middle (MITM) attacks and "compromise data privacy."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sun | java_system_application_server | 7.0 | |
sun | java_system_application_server | 8.1 | |
sun | one_application_server | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "EAB26B3D-4DF0-45C2-9ECA-202C829392D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*", "matchCriteriaId": "D9F68042-8C22-447E-8C6B-F44DEE5BF389", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:standard:*:*:*:*:*", "matchCriteriaId": "9760BDBA-E5FD-4AFF-ACB8-4C8B55CC3A61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct man-in-the-middle (MITM) attacks and \"compromise data privacy.\"" } ], "id": "CVE-2005-4046", "lastModified": "2024-11-21T00:03:23.050", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-07T11:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17873" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015312" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102012-1" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15728" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102012-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15728" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2753" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:05
Severity ?
Summary
Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_application_server:6.0:*:platform:*:*:*:*:*", "matchCriteriaId": "A75F7843-0C80-4235-8F71-7073494A75C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "EAB26B3D-4DF0-45C2-9ECA-202C829392D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:enterprise:*:*:*:*:*", "matchCriteriaId": "EE5A4BC2-ED34-4968-881E-ED6AD300AC42", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*", "matchCriteriaId": "D00790CE-CD77-4C39-80AC-5FBD298DD63A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*", "matchCriteriaId": "BC5F2280-EC46-4D2F-8402-FE91ECEE6A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur1:standard:*:*:*:*:*", "matchCriteriaId": "9F076EB9-CE31-456E-B7E9-B9F4C26CB0DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur2:platform:*:*:*:*:*", "matchCriteriaId": "FAF567AF-95D6-4634-90BB-E34801F44459", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur2:standard:*:*:*:*:*", "matchCriteriaId": "951B75FF-9190-4AF7-BE9D-23C2114F71DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur4:*:*:*:*:*:*", "matchCriteriaId": "60EBC552-FAC2-4833-B1A6-696DC06301A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur5:platform:*:*:*:*:*", "matchCriteriaId": "A6F3E897-8253-4D9B-9FA7-83727F508789", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur5:standard:*:*:*:*:*", "matchCriteriaId": "18ECFDD3-6D45-44F1-BA98-426D86084BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur6:platform:*:*:*:*:*", 
"matchCriteriaId": "4C28CDD2-F08A-438D-B4E2-093994BE50C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur6:standard:*:*:*:*:*", "matchCriteriaId": "3A84AFF0-8598-48C7-90BE-DB2700F55430", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors." } ], "id": "CVE-2005-4805", "lastModified": "2024-11-21T00:05:13.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17164" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1015047" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101910-1" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/19950" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17164" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1015047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101910-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/19950" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15084" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "44E0E1D0-F71C-4A3F-B3EE-97B299EF2AE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "47CD4C15-02C8-42F2-9AF3-E44F74DE62B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "D3DDE473-7A61-46AD-9D3B-CA299928FD44", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "046596DB-57EB-4354-A79E-B3B1D5B4DD26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0755B957-CB78-4B8E-9CFE-D53389789ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "17D292FA-E062-4C52-AE0A-CA7D183D9E2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "83E1A0EA-9E2F-407F-A72F-D5061B6CD318", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B565D82B-CAB8-4512-B7B7-0402146DD2B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "68341EA6-4FF0-4F87-AC71-4EC5D648406C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "A91596AC-3F28-4BBD-A697-81909A5407B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "A57A5053-018B-468C-BC18-5140E6B5B048", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "C2962B1B-4B7F-4527-AE4C-C76787FEDB67", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "AE921188-7A50-479F-853F-95127C9BE4E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "F710939C-8598-40FE-9D5F-A3665723A5C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "75572113-BD36-49BB-B7A1-177EB7DD3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1F18265E-EE99-4D0F-B975-22A86077A611", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "C5E3EA58-3FD3-4AD8-AA63-057F8D31301B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*", "matchCriteriaId": "A51D3086-99CB-4C01-B286-3F7F6B6FB3AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "ACA7EB49-52A7-4AFC-9D7D-0225A430B636", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:certificate_server:1.0:patch1:*:*:*:*:*:*", "matchCriteriaId": "72E930EF-CCEC-44EA-AA45-18644EFDA5F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:certificate_server:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "506D842B-339C-452A-A229-C6B59B0E038D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:directory_server:1.3:patch5:*:*:*:*:*:*", "matchCriteriaId": "1CD1E4C9-BFF1-4818-A1B8-ECD7B54C8B03", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:directory_server:3.1:patch1:*:*:*:*:*:*", "matchCriteriaId": "492922BE-3B31-486C-94B5-114089E51E53", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:directory_server:3.12:*:*:*:*:*:*:*", "matchCriteriaId": "70E0FF18-9B01-4500-9599-8F085655C388", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:directory_server:4.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"DE69D422-E6FF-40F5-BC73-73BE3A042DE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:directory_server:4.11:*:*:*:*:*:*:*", "matchCriteriaId": "39B65825-FE48-4938-A04F-12740611681B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:directory_server:4.13:*:*:*:*:*:*:*", "matchCriteriaId": "CBE13D7D-2171-44F3-84D3-4CFD024AA3A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9E5E0298-99D9-476D-A7DF-36C6207482DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:2.0.1c:*:*:*:*:*:*:*", "matchCriteriaId": "8E0069EE-831B-4E6D-9AF9-71EFC9EED509", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:2.0a:*:*:*:*:*:*:*", "matchCriteriaId": "5234109F-AD90-4324-AA03-C5DE007D32F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7A7B9FDA-DC62-4EC9-9120-A7E6795C2815", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60812728-EC82-461E-BBDC-C5B4C1BF79E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.0.1b:*:*:*:*:*:*:*", "matchCriteriaId": "D94D2CA3-9868-4F27-B31D-D3EDC256BE5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.0.7a:*:netware:*:*:*:*:*", "matchCriteriaId": "75FFC8CC-AB53-40CD-B6DF-C8CC17320FB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.0l:*:*:*:*:*:*:*", "matchCriteriaId": "89FAF40A-00F0-48BA-BEE7-4722C82DC54A", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D6280F25-3BC7-4701-914A-9ADC35A1A73B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "BE2CB845-D0E6-4B45-95A1-879BCCA037D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "F18F9770-12E2-44D5-ABB6-EDFD2383BFF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "5C2CB1E6-63A1-42C5-889C-7EA83CB50543", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "34D42A9F-449C-4F4D-B610-538BF133F744", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.5:*:solaris:*:*:*:*:*", "matchCriteriaId": "5AECADB3-F1EC-4410-AECF-D2C08B18F517", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4147A43C-DA7B-4D08-90E9-72DE57B1D61D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "3577B789-DBB6-413D-B964-B32FE3E8CD8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.6:*:solaris:*:*:*:*:*", "matchCriteriaId": "FFBC4A27-818F-4B2C-818E-62FB43440DD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.6:sp1:*:*:*:*:*:*", "matchCriteriaId": "1721BFD6-7914-4ADB-8205-38964C8FFDA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.6:sp2:*:*:*:*:*:*", "matchCriteriaId": "4EB62E6F-87E2-4A98-B4BD-3E0036CE7640", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:3.6:sp3:*:*:*:*:*:*", "matchCriteriaId": "418B500F-2A05-4419-997F-E04ECA2E3626", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DD208FC-AC17-45DF-9A5F-D8CDA6DB3A7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "4A29E0A5-9C1D-4CCF-AEEB-FF0B32B4201D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "0CE4230F-88A6-49DD-A05A-FCF4F2A5FF6E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:netscape:enterprise_server:4.1:sp5:*:*:*:*:*:*", "matchCriteriaId": "85FAD645-5AFB-4553-85DA-D25E0333A26C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp6:*:*:*:*:*:*", "matchCriteriaId": "0D98D58B-AE93-4471-81E0-FD0A4ED1AD51", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp7:*:*:*:*:*:*", "matchCriteriaId": "85C1DEB1-2628-45D4-9DB4-64A4CF9C89B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp8:*:*:*:*:*:*", "matchCriteriaId": "F331B4BD-1381-4011-B2D9-9CD9B73F976B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:4.1.1:*:netware:*:*:*:*:*", "matchCriteriaId": "B708CDB3-0BF9-4FE4-855F-DB6E1FE5A319", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:enterprise_server:5.0:*:netware:*:*:*:*:*", "matchCriteriaId": "DA8D4321-3683-460F-AFAA-1D31E9B16818", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:personalization_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7B348FC-6FEF-4682-BC25-82E726BFB64E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_enterprise_system:2003q4:*:*:*:*:*:*:*", "matchCriteriaId": "DC8DFE4D-1FB6-41D7-AAB6-82400C6B4504", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_enterprise_system:2004q2:*:*:*:*:*:*:*", "matchCriteriaId": "132976FA-A42E-4CC0-8C8F-9A034A046B07", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:enterprise:*:*:*:*:*", "matchCriteriaId": "EE5A4BC2-ED34-4968-881E-ED6AD300AC42", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*", "matchCriteriaId": "D00790CE-CD77-4C39-80AC-5FBD298DD63A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*", "matchCriteriaId": "BC5F2280-EC46-4D2F-8402-FE91ECEE6A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur4:*:*:*:*:*:*", 
"matchCriteriaId": "60EBC552-FAC2-4833-B1A6-696DC06301A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E583F338-CF10-4FD5-8A86-A3CE46E863DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_application_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "352D9910-BC83-44B2-B5C0-59B8F2C23142", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_application_server:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "F316ECED-A6E3-43AC-BA05-C42F2CB0D830", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_application_server:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "FA32646E-1014-47D1-9C96-6CD8F0B13480", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "33621D67-8191-42EE-8859-8B5FC30F935A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "0C6F8563-701E-4E54-A0C9-67E9DF74D60D", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*", "matchCriteriaId": "4022E5C6-5651-45DD-AF73-89CF38E71D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*", "matchCriteriaId": "EEF4CFCE-DEEC-4652-A96F-0C7B5A88175A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp12:*:*:*:*:*:*", "matchCriteriaId": "873034EA-B3C6-43E6-AE98-A04598D9A392", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp13:*:*:*:*:*:*", "matchCriteriaId": "AC90D2B4-4FBE-405A-BD17-F84A37DC914E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp14:*:*:*:*:*:*", "matchCriteriaId": "04366BB7-9F1D-4EC0-AE79-9603F71166C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "AE01BAC9-DC57-4BC8-9BFB-9C7C94A516A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*", "matchCriteriaId": 
"1CEA91AD-443D-4856-AC7A-3DDE0791134D", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "07C1D4DC-252A-4602-A916-32E51CCA75B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*", "matchCriteriaId": "526D2FAD-4241-412C-8863-B273D3733153", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*", "matchCriteriaId": "B8A796CB-D675-49FC-98BA-4D527211C70D", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*", "matchCriteriaId": "8693959B-7D5D-414B-8660-2A693AF24541", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*", "matchCriteriaId": "1BDC4A06-33A1-4619-B870-7F2AF1D332F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*", "matchCriteriaId": "8A445032-AD7B-4971-B175-DF3183A4A12C", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "38698A3B-9597-4BC9-B112-BB908C3DE86B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "78587B6D-2A95-4714-9632-4F75CD552E7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "279FE555-E290-4B17-855D-781C9B58ED55", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp7:*:*:*:*:*:*", "matchCriteriaId": "26A8BE1A-082B-4CB5-97D0-7964FBC93572", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp8:*:*:*:*:*:*", "matchCriteriaId": "3609AA35-6B6A-47A1-B1D4-011B735E0671", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "E66F55C3-F5BD-49A7-B561-ACD8D522225D", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4493C646-DF4B-45C7-86F7-A71AC9B1CA97", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sun:one_web_server:6.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "689F0A9F-8F34-4958-B869-C4FB8BC02406", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F", "vulnerable": true }, { "criteria": "cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*", "matchCriteriaId": "D73D159B-C3D8-4BBD-8BAA-E9E8D3AD3A04", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message." } ], "id": "CVE-2004-0826", "lastModified": "2024-11-20T23:49:30.253", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/11015" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://xforce.iss.net/xforce/alerts/id/180" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/16314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/11015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://xforce.iss.net/xforce/alerts/id/180" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16314" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-05-09 15:20
Modified
2024-11-21 00:46
Severity ?
Summary
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sun | java_system_application_server | * | |
sun | java_system_web_server | * | |
sun | java_system_web_server | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_application_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B4BBA10-5199-45B0-9288-4DD492D8D9CE", "versionEndIncluding": "7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:*:sp7:*:*:*:*:*:*", "matchCriteriaId": "CA9A7000-7E63-472C-9D60-0BEA4D775A4E", "versionEndIncluding": "6.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFAA741F-6B77-44E5-8B84-AB5E49901BD1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Java System Application Server versi\u00f3n 7 2004Q2 anterior a Update 6, Web Server versi\u00f3n 6.1 anterior a SP8 y Web Server versi\u00f3n 7.0 anterior a Update 1 permite a atacantes remotos obtener el c\u00f3digo fuente de los ficheros JSP mediante vectores no conocidos." 
} ], "id": "CVE-2008-2120", "lastModified": "2024-11-21T00:46:08.383", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-05-09T15:20:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30122" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/29088" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019985" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019986" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1457/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42266" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/29088" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securitytracker.com/id?1019986" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1457/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42266" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-08-23 19:17
Modified
2024-11-21 00:35
Severity ?
Summary
The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sun | java_system_application_server | 9.0_0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_application_server:9.0_0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8B69EB4-CC7F-4E98-B0CA-CDAE9030025B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy." }, { "lang": "es", "value": "La consola Sun Admin en Sun Application Server 9.0_0.1 no aplica ciertos cambios de configuraci\u00f3n de forma persistente, lo cual provoca que los servicios de escucha ORB (1) SSL y (2) SSL_MutualAuth habiliten todos los protocolos y cifrados despu\u00e9s de reiniciar los servicios, lo que posiblemente permite a atacantes remotos evitar la pol\u00edtica prevista." 
} ], "id": "CVE-2007-4511", "lastModified": "2024-11-21T00:35:46.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-08-23T19:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/45828" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/477315/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25400" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36169" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/45828" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/477315/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36169" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-20 03:02
Modified
2024-11-21 00:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sun | java_system_application_server | * | |
sun | java_system_application_server | * | |
sun | java_system_web_server | * | |
sun | java_system_web_server | 6.1 | |
sun | java_system_web_server | 6.1 | |
sun | java_system_web_server | 6.1 | |
sun | java_system_web_server | 6.1 | |
sun | one_application_server | * | |
sun | one_application_server | * | |
sun | one_application_server | 6.0 | |
sun | one_application_server | 6.0 | |
sun | one_application_server | 6.0 | |
sun | one_application_server | 7.0 | |
sun | one_application_server | 7.0 | |
sun | one_web_server | * | |
sun | one_web_server | 6.0 | |
sun | one_web_server | 6.0 | |
sun | one_web_server | 6.0 | |
sun | one_web_server | 6.0 | |
sun | one_web_server | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_application_server:*:ur2:enterprise:*:*:*:*:*", "matchCriteriaId": "E3CBDF1B-C506-4A89-B597-AFEA98FBDBC9", "versionEndIncluding": "7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:*:ur2:standard:*:*:*:*:*", "matchCriteriaId": "AA47D452-353D-4108-9350-1A0EC1D2B728", "versionEndIncluding": "7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "E24F3990-8090-49AA-B490-B57DF2756791", "versionEndIncluding": "6.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_application_server:*:update_6:platform:*:*:*:*:*", "matchCriteriaId": "948567FB-7B09-42BF-ACFA-A2E04E7BD276", "versionEndIncluding": "7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_application_server:*:update_6:standard:*:*:*:*:*", "matchCriteriaId": "1A5885D7-8FC7-4BF7-BE07-06CE1C743454", "versionEndIncluding": "7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_application_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "352D9910-BC83-44B2-B5C0-59B8F2C23142", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_application_server:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "F316ECED-A6E3-43AC-BA05-C42F2CB0D830", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sun:one_application_server:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "FA32646E-1014-47D1-9C96-6CD8F0B13480", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:platform:*:*:*:*:*", "matchCriteriaId": "0F6B3BC6-9A4B-40E7-A540-9BCFC3D02E66", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:standard:*:*:*:*:*", "matchCriteriaId": "9760BDBA-E5FD-4AFF-ACB8-4C8B55CC3A61", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:*:sp9:*:*:*:*:*:*", "matchCriteriaId": "BDAF373D-CB7C-4410-8187-167B79480AA4", "versionEndIncluding": "6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "38698A3B-9597-4BC9-B112-BB908C3DE86B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "78587B6D-2A95-4714-9632-4F75CD552E7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "279FE555-E290-4B17-855D-781C9B58ED55", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp7:*:*:*:*:*:*", "matchCriteriaId": "26A8BE1A-082B-4CB5-97D0-7964FBC93572", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp8:*:*:*:*:*:*", "matchCriteriaId": "3609AA35-6B6A-47A1-B1D4-011B735E0671", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages." 
} ], "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nSun, ONE Web Server, 6.0 SP10 or later\r\nSun, Java System Web Server, 6.1 SP5 or later\r\nSun, ONE Application Server, 7.0 Platform Update 7 or later\r\nSun, ONE Application Server, 7.0 Standard Update 7 or later\r\nSun, Java System Application Server, 7.0 2004Q2 Standard Update 3 or later\r\nSun, Java System Application Server, 7.0 2004Q2 Enterprise Update 3 or later", "id": "CVE-2006-2501", "lastModified": "2024-11-21T00:11:27.173", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-20T03:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://jvn.jp/jp/JVN%2303D5EAA8/index.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20147" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016125" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016126" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/114956" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18035" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1866" }, { "source": 
"cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26550" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://jvn.jp/jp/JVN%2303D5EAA8/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20147" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016126" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/114956" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18035" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26550" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-04-20 03:14
Modified
2024-11-21 01:24
Severity: HIGH (CVSS v2 base score 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C; source nvd@nist.gov)
Summary
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | glassfish_server | 2.1 | |
oracle | glassfish_server | 2.1.1 | |
oracle | glassfish_server | 3.0.1 | |
sun | java_system_application_server | 9.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:glassfish_server:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBDD6781-CF9E-4ED3-861F-99217EE0711C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0E80F5AC-A2EF-4D8A-AE8F-5DD0FF9B48C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A56AAEB5-E5A5-44A4-8B82-0C465122F2C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "FEAD2DB5-0117-4D84-A79A-26C629EF2453", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Oracle Sun GlassFish Enterprise Server v2.1, v2.1.1 y v3.0.1, y Sun Java System Application Server v9.1, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos relacionados con la Administraci\u00f3n." 
} ], "id": "CVE-2011-0807", "lastModified": "2024-11-21T01:24:54.773", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-04-20T03:14:06.583", "references": [ { "source": "secalert_us@oracle.com", "url": "http://securityreason.com/securityalert/8327" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-26 16:05
Modified
2024-11-21 00:13
Severity: LOW (CVSS v2 base score 2.6, AV:N/AC:H/Au:N/C:N/I:P/A:N; source nvd@nist.gov)
Summary
Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sun | java_system_application_server | * | |
sun | java_system_application_server | 8.1 | |
sun | one_application_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_application_server:*:ur4:*:*:*:*:*:*", "matchCriteriaId": "0AA2F7CD-790A-4F9B-B42E-3B3967818C8D", "versionEndIncluding": "7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*", "matchCriteriaId": "D9F68042-8C22-447E-8C6B-F44DEE5BF389", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_application_server:*:update_8:*:*:*:*:*:*", "matchCriteriaId": "990CB3BC-82FF-4480-B5B7-52761FF78BBA", "versionEndIncluding": "7.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Sun ONE Application Server v7 anterior a actualizaci\u00f3n v9, Java System Application Server v7 2004Q2 anterior a actualizaci\u00f3n v5, y Java System Application Server Enterprise Edition v8.1 2005 Q1 permite a atacantes remotos inyecatr c\u00f3digo HTML o web a trav\u00e9s de vectores desconocidos. 
\r\n" } ], "id": "CVE-2006-3225", "lastModified": "2024-11-21T00:13:06.887", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-26T16:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/20835" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016378" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102479-1" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18635" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2508" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20835" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102479-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18635" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2508" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27392" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-28 23:04
Modified
2024-11-21 00:14
Severity: MEDIUM (CVSS v2 base score 4.0, AV:N/AC:L/Au:S/C:P/I:N/A:N; source nvd@nist.gov)
Summary
Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "EAB26B3D-4DF0-45C2-9ECA-202C829392D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:enterprise:*:*:*:*:*", "matchCriteriaId": "EE5A4BC2-ED34-4968-881E-ED6AD300AC42", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*", "matchCriteriaId": "D00790CE-CD77-4C39-80AC-5FBD298DD63A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*", "matchCriteriaId": "BC5F2280-EC46-4D2F-8402-FE91ECEE6A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur1:enterprise:*:*:*:*:*", "matchCriteriaId": "2F40832C-EA2D-4AEF-9C98-36795D36BA06", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur1:standard:*:*:*:*:*", "matchCriteriaId": "9F076EB9-CE31-456E-B7E9-B9F4C26CB0DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur2:enterprise:*:*:*:*:*", "matchCriteriaId": "7805CF93-C1EC-4698-95A6-CAB9C26EEAB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur2:platform:*:*:*:*:*", "matchCriteriaId": "FAF567AF-95D6-4634-90BB-E34801F44459", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur2:standard:*:*:*:*:*", "matchCriteriaId": "951B75FF-9190-4AF7-BE9D-23C2114F71DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur4:*:*:*:*:*:*", "matchCriteriaId": "60EBC552-FAC2-4833-B1A6-696DC06301A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur5:platform:*:*:*:*:*", "matchCriteriaId": "A6F3E897-8253-4D9B-9FA7-83727F508789", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur5:standard:*:*:*:*:*", 
"matchCriteriaId": "18ECFDD3-6D45-44F1-BA98-426D86084BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur6:platform:*:*:*:*:*", "matchCriteriaId": "4C28CDD2-F08A-438D-B4E2-093994BE50C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur6:standard:*:*:*:*:*", "matchCriteriaId": "3A84AFF0-8598-48C7-90BE-DB2700F55430", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E583F338-CF10-4FD5-8A86-A3CE46E863DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*", "matchCriteriaId": "D9F68042-8C22-447E-8C6B-F44DEE5BF389", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:platform:*:*:*:*:*", "matchCriteriaId": "7659FD2B-6F83-44F1-B4A1-94D106B4C686", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:ur1:platform:*:*:*:*:*", "matchCriteriaId": "E2A9B4B2-B844-411F-B4C7-9AC60C37A5A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "C878B2FD-88A1-44E2-9234-C40CA1DDC5BC", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*", "matchCriteriaId": "BABE9BB1-E968-4EC9-A13A-6ECBCDC0D9AC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the \"document root directory\" via a direct request using a UTF-8 encoded URI." }, { "lang": "es", "value": "Sun Java System Application Server (SJSAS) 7 hasta la 8.1 y Web Server (SJSWS) 6.0 y 6.1 permite a usuarios remotos validados leer archivos fuera del \"directorio de documentos del root\" a trav\u00e9s de respuesta directas utilizando una codificaci\u00f3n URI UTF-8." } ], "id": "CVE-2006-3921", "lastModified": "2024-11-21T00:14:43.090", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-28T23:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21251" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22425" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1016596" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1016597" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1" }, { 
"source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/19200" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3020" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21251" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22425" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1016596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1016597" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/19200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28061" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-01-27 02:30
Modified
2024-11-21 00:59
Severity: MEDIUM (CVSS v2 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N; source nvd@nist.gov)
Summary
Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sun | java_system_application_server | 8.1 | |
sun | java_system_application_server | 8.1 | |
sun | java_system_application_server | 8.1 | |
sun | java_system_application_server | 8.1 | |
sun | java_system_application_server | 8.2 | |
sun | java_system_application_server | 8.2 | |
sun | java_system_application_server | 8.2 | |
sun | java_system_application_server | 8.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:linux:*:*:*:*:*", "matchCriteriaId": "B916CF5C-CF2C-48FA-B00B-7453DED400B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:sparc:*:*:*:*:*", "matchCriteriaId": "E30D3A0A-BE19-422D-B3AE-11521EB479C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:windows:*:*:*:*:*", "matchCriteriaId": "07CAE8DE-6AC0-4119-AAEA-2B8C073E2FCB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:x86:*:*:*:*:*", "matchCriteriaId": "6CB78C86-84B2-4893-ACFF-05A9FE5D14DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:linux:*:*:*:*:*", "matchCriteriaId": "A44CDE82-4AAF-4259-903D-A6284C79913D", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:sparc:*:*:*:*:*", "matchCriteriaId": "04B3EDF3-B8C8-4F5D-AB34-F940B91062B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:windows:*:*:*:*:*", "matchCriteriaId": "71A68D2D-0DC4-49DA-A082-1919752061AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:x86:*:*:*:*:*", "matchCriteriaId": "D061EE51-08EF-4CB5-8916-8196560458FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request." }, { "lang": "es", "value": "Sun Java System Application Server (AS) 8.1 y 8.2 permite a atacantes remotos leer los ficheros de configuraci\u00f3n de las aplicaciones Web en los directorios (1) WEB-INF o (2) META-INF mediante una solicitud mal formada." 
} ], "id": "CVE-2009-0278", "lastModified": "2024-11-21T00:59:31.013", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-01-27T02:30:04.547", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/51604" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33725" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119166-35-1" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-245446-1" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33397" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0208" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/51604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33725" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119166-35-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-245446-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/33397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48161" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:05
Severity: MEDIUM (CVSS v2 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N; source nvd@nist.gov)
Summary
Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sun | java_system_application_server | 8.1 | |
sun | java_system_application_server | 8.1 | |
sun | java_system_application_server | 8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*", "matchCriteriaId": "D9F68042-8C22-447E-8C6B-F44DEE5BF389", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:platform:*:*:*:*:*", "matchCriteriaId": "7659FD2B-6F83-44F1-B4A1-94D106B4C686", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:ur1:platform:*:*:*:*:*", "matchCriteriaId": "E2A9B4B2-B844-411F-B4C7-9AC60C37A5A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications." } ], "id": "CVE-2005-4804", "lastModified": "2024-11-21T00:05:13.407", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16802" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101905-1" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.ciac.org/ciac/bulletins/p-305.shtml" }, { "source": "cve@mitre.org", 
"tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/14823" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/1733" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101905-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.ciac.org/ciac/bulletins/p-305.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/14823" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/1733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22261" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-26 19:30
Modified
2024-11-21 00:34
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:P/I:N/A:N; source nvd@nist.gov)
Summary
Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sun | java_system_application_server | 8.1 | |
sun | java_system_application_server | 8.1 | |
sun | java_system_application_server | 8.1 | |
sun | java_system_application_server | 8.2 | |
sun | java_system_application_server | 8.2 | |
sun | java_system_application_server | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*", "matchCriteriaId": "D9F68042-8C22-447E-8C6B-F44DEE5BF389", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:platform:*:*:*:*:*", "matchCriteriaId": "7659FD2B-6F83-44F1-B4A1-94D106B4C686", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:ur1:platform:*:*:*:*:*", "matchCriteriaId": "E2A9B4B2-B844-411F-B4C7-9AC60C37A5A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise:*:*:*:*:*", "matchCriteriaId": "0515F299-43E6-4957-A086-607DEC1F6C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform:*:*:*:*:*", "matchCriteriaId": "B05BB1F3-1324-4070-802B-E61B76888391", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:9.0:*:platform:*:*:*:*:*", "matchCriteriaId": "A4852722-FF63-47A5-B227-02271B565CBA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en el Sun Java System (SJS) Application Server 8.1 hasta la 9.0 anterior al 20070724 bajo Windows, permite a atacantes remotos la obtenci\u00f3n de c\u00f3digo fuente JSP a trav\u00e9s de vectores sin especificar." 
} ], "id": "CVE-2007-4025", "lastModified": "2024-11-21T00:34:36.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-26T19:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/37250" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26187" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103000-1" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201537-1" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25058" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018452" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2647" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103000-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201537-1" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018452" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35579" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-10-16 23:55
Modified
2024-11-21 01:40
Severity ?
Summary
Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | glassfish_server | 2.1.1 | |
oracle | glassfish_server | 3.0.1 | |
oracle | glassfish_server | 3.1.2 | |
sun | java_system_application_server | 8.1 | |
sun | java_system_application_server | 8.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0E80F5AC-A2EF-4D8A-AE8F-5DD0FF9B48C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A56AAEB5-E5A5-44A4-8B82-0C465122F2C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:glassfish_server:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "5C8196D0-06A9-4A0B-8864-AA8E8CF2DDB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "721D0068-2664-4E92-9D96-9007F2120450", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E37E6C23-C834-40EE-BC54-48D11DBCEC0E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB." }, { "lang": "es", "value": "Vulnerabilidad no especificada en el componente CORBA ORB de Sun GlassFish Enterprise Server v2.1.1, Sun GlassFish Enterprise Server v3.0.1 y v3.1.2 y Sun Java Application Server System v8.1 y v8.2 permite a atacantes remotos afectar a la disponibilidad, en relaci\u00f3n con CORBA ORB." 
} ], "id": "CVE-2012-3155", "lastModified": "2024-11-21T01:40:18.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-10-16T23:55:03.963", "references": [ { "source": "secalert_us@oracle.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" }, { "source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/56073" }, { "source": "secalert_us@oracle.com", "url": "http://www.securitytracker.com/id?1027676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/56073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1027676" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-01 05:17
Modified
2024-11-21 00:37
Severity ?
Summary
Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks.
References
Impacted products
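Vendor | Product | Version | CPE |
---|---|---|---|
sun | java_system_access_manager | 7.1 | `cpe:2.3:a:sun:java_system_access_manager:7.1:*:hp-ux:*:*:*:*:*` |
sun | java_system_access_manager | 7.1 | `cpe:2.3:a:sun:java_system_access_manager:7.1:*:linux:*:*:*:*:*` |
sun | java_system_access_manager | 7.1 | `cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_sparc:*:*:*:*:*` |
sun | java_system_access_manager | 7.1 | `cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_x86:*:*:*:*:*` |
sun | java_system_access_manager | 7.1 | `cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*` |
sun | java_system_application_server | 9.1 | `cpe:2.3:a:sun:java_system_application_server:9.1:*:*:*:*:*:*:*` |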
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:hp-ux:*:*:*:*:*", "matchCriteriaId": "589D3B3E-4F22-42B5-ADF1-C0537F85C4F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:linux:*:*:*:*:*", "matchCriteriaId": "4CCDA95C-0EFF-4CF4-8CC6-EF110F0DAE76", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_sparc:*:*:*:*:*", "matchCriteriaId": "F73D1848-D765-46B8-9B61-4A7A351CA6A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_x86:*:*:*:*:*", "matchCriteriaId": "51834E30-6780-433E-9146-C4B8DEFF7CF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*", "matchCriteriaId": "36C5F1CB-FEDE-4C19-B056-C846C86FDE8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "FEAD2DB5-0117-4D84-A79A-26C629EF2453", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks." }, { "lang": "es", "value": "Sun Java System Access Manager 7.1, cuando se instala en un contenedor Sun Java System Application Server 9.1, no requiere la autentificaci\u00f3n despu\u00e9s del reinicio del contenedor, el cual permite a atacantes remotos realizar tareas administrativas." 
} ], "id": "CVE-2007-5152", "lastModified": "2024-11-21T00:37:15.450", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-01T05:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/37758" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26976" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25842" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018753" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3282" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37758" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26976" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103069-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200839-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25842" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36846" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-04 11:28
Modified
2024-11-21 00:22
Severity ?
Summary
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sun | java_system_application_server | 7.0 | |
sun | java_system_application_server | 8.1 | |
sun | java_system_web_proxy_server | - | |
sun | java_system_web_proxy_server | 3.6 | |
sun | java_system_web_proxy_server | 4.0 | |
sun | java_system_web_server | 6.0 | |
sun | java_system_web_server | 6.1 | |
sun | one_application_server | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "EAB26B3D-4DF0-45C2-9ECA-202C829392D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "721D0068-2664-4E92-9D96-9007F2120450", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "9134A420-1A6E-48C0-A6CE-5AE555FC0D94", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "D36EE342-0A55-4F2E-9037-14C0975CEA9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB8D89B7-2C74-4CDC-8708-D9FACC4DE7C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "56BB3993-C089-421F-987E-D6294E8C909E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors." 
}, { "lang": "es", "value": "Vulnerabilidad de contrabando de petici\u00f3n HTTP en Sun Java System Proxy Server anterior al 30/11/2006, cuando se usa con Sun Java System Application Server o Sun Java System Web Server, permite a atacantes remotos evitar el filtrado de petici\u00f3n HTTP, secuestrar sesiones web, realizar ataques de secuencias de comandos en sitios cruzados (XSS), y falsear la cach\u00e9 web mediante vectores de ataque no especificados." } ], "id": "CVE-2006-6276", "lastModified": "2024-11-21T00:22:19.533", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-04T11:28:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/23186" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1017322" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1017323" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1017324" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/21371" }, 
{ "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2006/4793" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/23186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1017322" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1017323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1017324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/21371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2006/4793" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-444" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
Impacted products
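Vendor | Product | Version | CPE |
---|---|---|---|
sun | java_system_application_server | 7.0 | `cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*` |
sun | java_system_application_server | 7.0 | `cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*` |
sun | java_system_application_server | 7.0 | `cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*` |
sun | java_system_application_server | 7.0 | `cpe:2.3:a:sun:java_system_application_server:7.0:ur1:enterprise:*:*:*:*:*` |
sun | java_system_application_server | 7.0 | `cpe:2.3:a:sun:java_system_application_server:7.0:ur1:standard:*:*:*:*:*` |
sun | java_system_application_server | 7.0 | `cpe:2.3:a:sun:java_system_application_server:7.0:ur4:*:*:*:*:*:*` |
sun | java_system_application_server | 7.0 | `cpe:2.3:a:sun:java_system_application_server:7.0:ur5:platform:*:*:*:*:*` |
sun | java_system_application_server | 7.0 | `cpe:2.3:a:sun:java_system_application_server:7.0:ur5:standard:*:*:*:*:*` |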
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "EAB26B3D-4DF0-45C2-9ECA-202C829392D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*", "matchCriteriaId": "D00790CE-CD77-4C39-80AC-5FBD298DD63A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*", "matchCriteriaId": "BC5F2280-EC46-4D2F-8402-FE91ECEE6A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur1:enterprise:*:*:*:*:*", "matchCriteriaId": "2F40832C-EA2D-4AEF-9C98-36795D36BA06", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur1:standard:*:*:*:*:*", "matchCriteriaId": "9F076EB9-CE31-456E-B7E9-B9F4C26CB0DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur4:*:*:*:*:*:*", "matchCriteriaId": "60EBC552-FAC2-4833-B1A6-696DC06301A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur5:platform:*:*:*:*:*", "matchCriteriaId": "A6F3E897-8253-4D9B-9FA7-83727F508789", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur5:standard:*:*:*:*:*", "matchCriteriaId": "18ECFDD3-6D45-44F1-BA98-426D86084BA5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." 
} ], "id": "CVE-2005-0742", "lastModified": "2024-11-20T23:55:48.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57742-1" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200314-1" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/12775" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57742-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200314-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/12775" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-25 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
References
Impacted products
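Vendor | Product | Version | CPE |
---|---|---|---|
sun | java_system_application_server | 7.0 | `cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*` |
sun | java_system_application_server | 7.0 | `cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*` |
sun | java_system_application_server | 7.0 | `cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*` |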
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "EAB26B3D-4DF0-45C2-9ECA-202C829392D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*", "matchCriteriaId": "D00790CE-CD77-4C39-80AC-5FBD298DD63A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*", "matchCriteriaId": "BC5F2280-EC46-4D2F-8402-FE91ECEE6A1A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398." }, { "lang": "es", "value": "La configuraci\u00f3n por defecto de Sun Java System Application Server v7 y v7 2004Q2 activa el m\u00e9todo HTTP TRACE, lo que provoca que sea mas sencillo para un atacante remoto robar las cookies y credenciales de autenticaci\u00f3n a trav\u00e9s de un ataque de seguimiento de trazas en sitios cruzados (XST), est\u00e1 relacionado con CVE-2004-2763 y CVE-2005-3398.\r\n" } ], "evaluatorImpact": "Per: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1\r\n\r\n\r\nContributing Factors\r\n\r\nThis issue can occur in the following releases:\r\n\r\n * Sun Java System Application Server Standard Edition 7 and later updates\r\n * Sun Java System Application Server Standard Edition 7 2004Q2 and later updates\r\n * Sun Java System Application Server Platform Edition 7 and later updates", "id": "CVE-2010-0386", "lastModified": "2024-11-21T01:12:06.577", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", 
"authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-01-25T19:30:01.730", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-16" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.
References
Impacted products
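Vendor | Product | Version | CPE |
---|---|---|---|
sun | java_system_application_server | 7.0 | `cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*` |
sun | java_system_application_server | 7.0 | `cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*` |
sun | java_system_application_server | 7.0 | `cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*` |
sun | java_system_web_server | 6.0 | `cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*` |
sun | java_system_web_server | 6.0 | `cpe:2.3:a:sun:java_system_web_server:6.0:sp1:*:*:*:*:*:*` |
sun | java_system_web_server | 6.0 | `cpe:2.3:a:sun:java_system_web_server:6.0:sp2:*:*:*:*:*:*` |
sun | java_system_web_server | 6.0 | `cpe:2.3:a:sun:java_system_web_server:6.0:sp3:*:*:*:*:*:*` |
sun | java_system_web_server | 6.0 | `cpe:2.3:a:sun:java_system_web_server:6.0:sp4:*:*:*:*:*:*` |
sun | java_system_web_server | 6.0 | `cpe:2.3:a:sun:java_system_web_server:6.0:sp5:*:*:*:*:*:*` |
sun | java_system_web_server | 6.0 | `cpe:2.3:a:sun:java_system_web_server:6.0:sp6:*:*:*:*:*:*` |
sun | java_system_web_server | 6.0 | `cpe:2.3:a:sun:java_system_web_server:6.0:sp7:*:*:*:*:*:*` |
sun | java_system_web_server | 6.1 | `cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*` |
sun | java_system_web_server | 6.1 | `cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*` |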
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "EAB26B3D-4DF0-45C2-9ECA-202C829392D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*", "matchCriteriaId": "D00790CE-CD77-4C39-80AC-5FBD298DD63A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*", "matchCriteriaId": "BC5F2280-EC46-4D2F-8402-FE91ECEE6A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "57DC2FBE-6556-4113-83BF-ABCAC70CBDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "3DA512F0-B382-407E-B75D-5D2D15E185BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "16727FF1-3CD7-4667-A2BA-2241A3AFEED3", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "F60E165E-5B62-4D46-941D-E84603516D23", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "FF6BCC24-EADB-4EB8-9142-01D34C307C45", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp6:*:*:*:*:*:*", "matchCriteriaId": "05017BA4-C9FC-4F7D-A5FE-9CE763CFE3E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp7:*:*:*:*:*:*", "matchCriteriaId": "DCC700F7-8675-441A-8AB7-CEFF84639E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate." } ], "id": "CVE-2004-2216", "lastModified": "2024-11-20T23:52:47.167", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/13072" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101589-1" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57669-1" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/11383" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/11593" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17941" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/13072" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101589-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57669-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/11383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/11593" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17941" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }