All the vulnerabilities related to sun - java_system_web_server
cve-2007-1488
Vulnerability from cvelistv5
Published
2007-03-16 21:00
Modified
2024-08-07 12:59
Severity ?
Summary
Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/33016 (vdb-entry, x_refsource_XF)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102833-1 (vendor-advisory, x_refsource_SUNALERT)
http://www.securityfocus.com/bid/22993 (vdb-entry, x_refsource_BID)
http://www.securitytracker.com/id?1017788 (vdb-entry, x_refsource_SECTRACK)
http://www.vupen.com/english/advisories/2007/0972 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/24545 (third-party-advisory, x_refsource_SECUNIA)
http://osvdb.org/34080 (vdb-entry, x_refsource_OSVDB)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:08.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "sun-java-url-information-disclosure(33016)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33016"
          },
          {
            "name": "102833",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102833-1"
          },
          {
            "name": "22993",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22993"
          },
          {
            "name": "1017788",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017788"
          },
          {
            "name": "ADV-2007-0972",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0972"
          },
          {
            "name": "24545",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24545"
          },
          {
            "name": "34080",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34080"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to \"gain unauthorized access to data\", possibly involving a sample application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "sun-java-url-information-disclosure(33016)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33016"
        },
        {
          "name": "102833",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102833-1"
        },
        {
          "name": "22993",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22993"
        },
        {
          "name": "1017788",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017788"
        },
        {
          "name": "ADV-2007-0972",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0972"
        },
        {
          "name": "24545",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24545"
        },
        {
          "name": "34080",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34080"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1488",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to \"gain unauthorized access to data\", possibly involving a sample application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "sun-java-url-information-disclosure(33016)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33016"
            },
            {
              "name": "102833",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102833-1"
            },
            {
              "name": "22993",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22993"
            },
            {
              "name": "1017788",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017788"
            },
            {
              "name": "ADV-2007-0972",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0972"
            },
            {
              "name": "24545",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24545"
            },
            {
              "name": "34080",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34080"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1488",
    "datePublished": "2007-03-16T21:00:00",
    "dateReserved": "2007-03-16T00:00:00",
    "dateUpdated": "2024-08-07T12:59:08.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-0629
Vulnerability from cvelistv5
Published
2000-08-03 04:00
Modified
2024-08-08 05:21
Severity ?
Summary
The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:21:31.329Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1459",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1459"
          },
          {
            "name": "20000711 Sun\u0027s Java Web Server remote command execution vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0163.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sun.com/software/jwebserver/faq/jwsca-2000-02.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-07-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-22T01:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1459",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1459"
        },
        {
          "name": "20000711 Sun\u0027s Java Web Server remote command execution vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0163.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sun.com/software/jwebserver/faq/jwsca-2000-02.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0629",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1459",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1459"
            },
            {
              "name": "20000711 Sun\u0027s Java Web Server remote command execution vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0163.html"
            },
            {
              "name": "http://www.sun.com/software/jwebserver/faq/jwsca-2000-02.html",
              "refsource": "MISC",
              "url": "http://www.sun.com/software/jwebserver/faq/jwsca-2000-02.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0629",
    "datePublished": "2000-08-03T04:00:00",
    "dateReserved": "2000-08-02T00:00:00",
    "dateUpdated": "2024-08-08T05:21:31.329Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-2216
Vulnerability from cvelistv5
Published
2005-07-17 04:00
Modified
2024-08-08 01:22
Severity ?
Summary
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.
References
http://www.osvdb.org/11383 (vdb-entry, x_refsource_OSVDB)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57669-1 (vendor-advisory, x_refsource_SUNALERT)
http://www.securityfocus.com/bid/11593 (vdb-entry, x_refsource_BID)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101589-1 (vendor-advisory, x_refsource_SUNALERT)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17941 (vdb-entry, x_refsource_XF)
http://secunia.com/advisories/13072 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:22:12.837Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "11383",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/11383"
          },
          {
            "name": "57669",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57669-1"
          },
          {
            "name": "11593",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11593"
          },
          {
            "name": "101589",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101589-1"
          },
          {
            "name": "sun-java-web-application-dos(17941)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17941"
          },
          {
            "name": "13072",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13072"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-11-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "11383",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/11383"
        },
        {
          "name": "57669",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57669-1"
        },
        {
          "name": "11593",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11593"
        },
        {
          "name": "101589",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101589-1"
        },
        {
          "name": "sun-java-web-application-dos(17941)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17941"
        },
        {
          "name": "13072",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13072"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2216",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "11383",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/11383"
            },
            {
              "name": "57669",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57669-1"
            },
            {
              "name": "11593",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11593"
            },
            {
              "name": "101589",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101589-1"
            },
            {
              "name": "sun-java-web-application-dos(17941)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17941"
            },
            {
              "name": "13072",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13072"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2216",
    "datePublished": "2005-07-17T04:00:00",
    "dateReserved": "2005-07-17T00:00:00",
    "dateUpdated": "2024-08-08T01:22:12.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-1150
Vulnerability from cvelistv5
Published
2005-04-16 04:00
Modified
2024-09-16 19:04
Severity ?
Summary
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang).
References
http://www.osvdb.org/15504 (vdb-entry, x_refsource_OSVDB)
http://secunia.com/advisories/14961 (third-party-advisory, x_refsource_SECUNIA)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57760-1 (vendor-advisory, x_refsource_SUNALERT)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:35:59.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "15504",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/15504"
          },
          {
            "name": "14961",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14961"
          },
          {
            "name": "57760",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57760-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-04-16T04:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "15504",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/15504"
        },
        {
          "name": "14961",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14961"
        },
        {
          "name": "57760",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57760-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1150",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "15504",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/15504"
            },
            {
              "name": "14961",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/14961"
            },
            {
              "name": "57760",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57760-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1150",
    "datePublished": "2005-04-16T04:00:00Z",
    "dateReserved": "2005-04-16T00:00:00Z",
    "dateUpdated": "2024-09-16T19:04:57.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-0273
Vulnerability from cvelistv5
Published
2010-01-08 17:00
Modified
2024-09-16 23:20
Severity ?
Summary
Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:11.161Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://intevydis.com/sjws_demo.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.intevydis.com/blog/?p=102"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco.  NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-01-08T17:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://intevydis.com/sjws_demo.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.intevydis.com/blog/?p=102"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0273",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco.  NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://intevydis.com/sjws_demo.html",
              "refsource": "MISC",
              "url": "http://intevydis.com/sjws_demo.html"
            },
            {
              "name": "http://www.intevydis.com/blog/?p=102",
              "refsource": "MISC",
              "url": "http://www.intevydis.com/blog/?p=102"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0273",
    "datePublished": "2010-01-08T17:00:00Z",
    "dateReserved": "2010-01-08T00:00:00Z",
    "dateUpdated": "2024-09-16T23:20:56.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-6569
Vulnerability from cvelistv5
Published
2007-12-28 21:00
Modified
2024-08-07 16:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.
References
http://www.securityfocus.com/bid/26978 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/28216 (third-party-advisory, x_refsource_SECUNIA)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1 (vendor-advisory, x_refsource_SUNALERT)
http://secunia.com/advisories/28186 (third-party-advisory, x_refsource_SECUNIA)
http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view (x_refsource_CONFIRM)
http://www.vupen.com/english/advisories/2007/4313 (vdb-entry, x_refsource_VUPEN)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:11:06.027Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26978",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26978"
          },
          {
            "name": "28216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28216"
          },
          {
            "name": "103002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
          },
          {
            "name": "28186",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28186"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view"
          },
          {
            "name": "ADV-2007-4313",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4313"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-01-04T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26978",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26978"
        },
        {
          "name": "28216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28216"
        },
        {
          "name": "103002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
        },
        {
          "name": "28186",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28186"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view"
        },
        {
          "name": "ADV-2007-4313",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4313"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6569",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26978",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26978"
            },
            {
              "name": "28216",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28216"
            },
            {
              "name": "103002",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
            },
            {
              "name": "28186",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28186"
            },
            {
              "name": "http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view",
              "refsource": "CONFIRM",
              "url": "http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view"
            },
            {
              "name": "ADV-2007-4313",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4313"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6569",
    "datePublished": "2007-12-28T21:00:00",
    "dateReserved": "2007-12-28T00:00:00",
    "dateUpdated": "2024-08-07T16:11:06.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-1889
Vulnerability from cvelistv5
Published
2005-06-08 04:00
Modified
2024-08-07 22:06
Severity ?
Summary
Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files.
References
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101690-1 (vendor-advisory, x_refsource_SUNALERT)
http://www.vupen.com/english/advisories/2005/0695 (vdb-entry, x_refsource_VUPEN)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:06:57.630Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101690-1"
          },
          {
            "name": "ADV-2005-0695",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/0695"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-06-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-02-26T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "101690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101690-1"
        },
        {
          "name": "ADV-2005-0695",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/0695"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1889",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101690",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101690-1"
            },
            {
              "name": "ADV-2005-0695",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/0695"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1889",
    "datePublished": "2005-06-08T04:00:00",
    "dateReserved": "2005-06-08T00:00:00",
    "dateUpdated": "2024-08-07T22:06:57.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-2120
Vulnerability from cvelistv5
Published
2008-05-09 15:00
Modified
2024-08-07 08:49
Severity ?
Summary
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors.
References
http://www.securitytracker.com/id?1019986 (vdb-entry, x_refsource_SECTRACK)
http://www.securitytracker.com/id?1019985 (vdb-entry, x_refsource_SECTRACK)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1 (vendor-advisory, x_refsource_SUNALERT)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42266 (vdb-entry, x_refsource_XF)
http://secunia.com/advisories/30122 (third-party-advisory, x_refsource_SECUNIA)
http://www.vupen.com/english/advisories/2008/1457/references (vdb-entry, x_refsource_VUPEN)
http://www.securityfocus.com/bid/29088 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:49:57.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1019986",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019986"
          },
          {
            "name": "1019985",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019985"
          },
          {
            "name": "201255",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1"
          },
          {
            "name": "javasystem-jsp-information-disclosure(42266)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42266"
          },
          {
            "name": "30122",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30122"
          },
          {
            "name": "ADV-2008-1457",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1457/references"
          },
          {
            "name": "29088",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29088"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1019986",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019986"
        },
        {
          "name": "1019985",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019985"
        },
        {
          "name": "201255",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1"
        },
        {
          "name": "javasystem-jsp-information-disclosure(42266)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42266"
        },
        {
          "name": "30122",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30122"
        },
        {
          "name": "ADV-2008-1457",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1457/references"
        },
        {
          "name": "29088",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29088"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2120",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1019986",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019986"
            },
            {
              "name": "1019985",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019985"
            },
            {
              "name": "201255",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1"
            },
            {
              "name": "javasystem-jsp-information-disclosure(42266)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42266"
            },
            {
              "name": "30122",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30122"
            },
            {
              "name": "ADV-2008-1457",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1457/references"
            },
            {
              "name": "29088",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29088"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2120",
    "datePublished": "2008-05-09T15:00:00",
    "dateReserved": "2008-05-09T00:00:00",
    "dateUpdated": "2024-08-07T08:49:57.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-3715
Vulnerability from cvelistv5
Published
2007-07-11 23:00
Modified
2024-08-07 14:28
Severity ?
Summary
Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:51.968Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070712 Command Injection in XML Digital Signatures",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/473552/100/0/threaded"
          },
          {
            "name": "26023",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26023"
          },
          {
            "name": "20070712 Whitepaper: Command Injection in XML Digital Signatures and Encryption",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/473553/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf"
          },
          {
            "name": "sunjava-xsltstylesheets-code-execution(35335)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35335"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.isecpartners.com/advisories/2007-04-dsig.txt"
          },
          {
            "name": "37248",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37248"
          },
          {
            "name": "24850",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24850"
          },
          {
            "name": "ADV-2007-2493",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2493"
          },
          {
            "name": "102992",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1"
          },
          {
            "name": "ADV-2007-2785",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2785"
          },
          {
            "name": "200054",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070712 Command Injection in XML Digital Signatures",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/473552/100/0/threaded"
        },
        {
          "name": "26023",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26023"
        },
        {
          "name": "20070712 Whitepaper: Command Injection in XML Digital Signatures and Encryption",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/473553/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf"
        },
        {
          "name": "sunjava-xsltstylesheets-code-execution(35335)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35335"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.isecpartners.com/advisories/2007-04-dsig.txt"
        },
        {
          "name": "37248",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37248"
        },
        {
          "name": "24850",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24850"
        },
        {
          "name": "ADV-2007-2493",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2493"
        },
        {
          "name": "102992",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1"
        },
        {
          "name": "ADV-2007-2785",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2785"
        },
        {
          "name": "200054",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3715",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070712 Command Injection in XML Digital Signatures",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/473552/100/0/threaded"
            },
            {
              "name": "26023",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26023"
            },
            {
              "name": "20070712 Whitepaper: Command Injection in XML Digital Signatures and Encryption",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/473553/100/0/threaded"
            },
            {
              "name": "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf",
              "refsource": "MISC",
              "url": "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf"
            },
            {
              "name": "sunjava-xsltstylesheets-code-execution(35335)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35335"
            },
            {
              "name": "http://www.isecpartners.com/advisories/2007-04-dsig.txt",
              "refsource": "MISC",
              "url": "http://www.isecpartners.com/advisories/2007-04-dsig.txt"
            },
            {
              "name": "37248",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37248"
            },
            {
              "name": "24850",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24850"
            },
            {
              "name": "ADV-2007-2493",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2493"
            },
            {
              "name": "102992",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1"
            },
            {
              "name": "ADV-2007-2785",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2785"
            },
            {
              "name": "200054",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3715",
    "datePublished": "2007-07-11T23:00:00",
    "dateReserved": "2007-07-11T00:00:00",
    "dateUpdated": "2024-08-07T14:28:51.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4164
Vulnerability from cvelistv5
Published
2007-08-07 10:00
Modified
2024-08-07 14:46
Severity ?
Summary
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
References
http://www.vupen.com/english/advisories/2007/2766 - vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/26326 - third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/25190 - vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/35783 - vdb-entry, x_refsource_XF
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103003-1 - vendor-advisory, x_refsource_SUNALERT
http://www.securitytracker.com/id?1018504 - vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:46:39.381Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2766",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2766"
          },
          {
            "name": "26326",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26326"
          },
          {
            "name": "25190",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25190"
          },
          {
            "name": "sun-redirect-response-splitting(35783)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35783"
          },
          {
            "name": "103003",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103003-1"
          },
          {
            "name": "1018504",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018504"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2766",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2766"
        },
        {
          "name": "26326",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26326"
        },
        {
          "name": "25190",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25190"
        },
        {
          "name": "sun-redirect-response-splitting(35783)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35783"
        },
        {
          "name": "103003",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103003-1"
        },
        {
          "name": "1018504",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018504"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4164",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2766",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2766"
            },
            {
              "name": "26326",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26326"
            },
            {
              "name": "25190",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25190"
            },
            {
              "name": "sun-redirect-response-splitting(35783)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35783"
            },
            {
              "name": "103003",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103003-1"
            },
            {
              "name": "1018504",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018504"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4164",
    "datePublished": "2007-08-07T10:00:00",
    "dateReserved": "2007-08-07T00:00:00",
    "dateUpdated": "2024-08-07T14:46:39.381Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2713
Vulnerability from cvelistv5
Published
2009-08-07 18:33
Modified
2024-08-07 05:59
Severity ?
Summary
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:56.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
          },
          {
            "name": "36167",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36167"
          },
          {
            "name": "35961",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35961"
          },
          {
            "name": "255968",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1"
          },
          {
            "name": "ADV-2009-2176",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2176"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that \"policy advice\" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-08-15T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
        },
        {
          "name": "36167",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36167"
        },
        {
          "name": "35961",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35961"
        },
        {
          "name": "255968",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1"
        },
        {
          "name": "ADV-2009-2176",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2176"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2713",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that \"policy advice\" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1",
              "refsource": "CONFIRM",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
            },
            {
              "name": "36167",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36167"
            },
            {
              "name": "35961",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35961"
            },
            {
              "name": "255968",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1"
            },
            {
              "name": "ADV-2009-2176",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2176"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2713",
    "datePublished": "2009-08-07T18:33:00",
    "dateReserved": "2009-08-07T00:00:00",
    "dateUpdated": "2024-08-07T05:59:56.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2712
Vulnerability from cvelistv5
Published
2009-08-07 18:33
Modified
2024-08-07 05:59
Severity ?
Summary
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.
References
http://osvdb.org/56815 - vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/35963 - vdb-entry, x_refsource_BID
http://secunia.com/advisories/36169 - third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1 - x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1 - vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2009/2177 - vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:56.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "56815",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/56815"
          },
          {
            "name": "35963",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35963"
          },
          {
            "name": "36169",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36169"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1"
          },
          {
            "name": "256668",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1"
          },
          {
            "name": "ADV-2009-2177",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2177"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-08-12T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "56815",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/56815"
        },
        {
          "name": "35963",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35963"
        },
        {
          "name": "36169",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36169"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1"
        },
        {
          "name": "256668",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1"
        },
        {
          "name": "ADV-2009-2177",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2177"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2712",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "56815",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/56815"
            },
            {
              "name": "35963",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35963"
            },
            {
              "name": "36169",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36169"
            },
            {
              "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1",
              "refsource": "CONFIRM",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1"
            },
            {
              "name": "256668",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1"
            },
            {
              "name": "ADV-2009-2177",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2177"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2712",
    "datePublished": "2009-08-07T18:33:00",
    "dateReserved": "2009-08-07T00:00:00",
    "dateUpdated": "2024-08-07T05:59:56.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-0361
Vulnerability from cvelistv5
Published
2010-01-20 16:00
Modified
2024-09-17 02:01
Severity ?
Summary
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:12.144Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-webdav.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-01-20T16:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-webdav.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0361",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-webdav.html",
              "refsource": "MISC",
              "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-webdav.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0361",
    "datePublished": "2010-01-20T16:00:00Z",
    "dateReserved": "2010-01-20T00:00:00Z",
    "dateUpdated": "2024-09-17T02:01:34.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-2501
Vulnerability from cvelistv5
Published
2006-05-20 02:59
Modified
2024-08-07 17:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.
References
http://www.securityfocus.com/bid/18035 (vdb-entry, x_refsource_BID)
http://securitytracker.com/id?1016125 (vdb-entry, x_refsource_SECTRACK)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1 (vendor-advisory, x_refsource_SUNALERT)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26550 (vdb-entry, x_refsource_XF)
http://secunia.com/advisories/20147 (third-party-advisory, x_refsource_SECUNIA)
http://securitytracker.com/id?1016126 (vdb-entry, x_refsource_SECTRACK)
http://jvn.jp/jp/JVN%2303D5EAA8/index.html (third-party-advisory, x_refsource_JVN)
http://www.vupen.com/english/advisories/2006/1866 (vdb-entry, x_refsource_VUPEN)
http://www.kb.cert.org/vuls/id/114956 (third-party-advisory, x_refsource_CERT-VN)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:51:04.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "18035",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18035"
          },
          {
            "name": "1016125",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016125"
          },
          {
            "name": "102164",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1"
          },
          {
            "name": "sun-java-system-xss(26550)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26550"
          },
          {
            "name": "20147",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20147"
          },
          {
            "name": "1016126",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016126"
          },
          {
            "name": "JVN#03D5EAA8",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/jp/JVN%2303D5EAA8/index.html"
          },
          {
            "name": "ADV-2006-1866",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1866"
          },
          {
            "name": "VU#114956",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/114956"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "18035",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18035"
        },
        {
          "name": "1016125",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016125"
        },
        {
          "name": "102164",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1"
        },
        {
          "name": "sun-java-system-xss(26550)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26550"
        },
        {
          "name": "20147",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20147"
        },
        {
          "name": "1016126",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016126"
        },
        {
          "name": "JVN#03D5EAA8",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/jp/JVN%2303D5EAA8/index.html"
        },
        {
          "name": "ADV-2006-1866",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1866"
        },
        {
          "name": "VU#114956",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/114956"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2501",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "18035",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18035"
            },
            {
              "name": "1016125",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016125"
            },
            {
              "name": "102164",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1"
            },
            {
              "name": "sun-java-system-xss(26550)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26550"
            },
            {
              "name": "20147",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20147"
            },
            {
              "name": "1016126",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016126"
            },
            {
              "name": "JVN#03D5EAA8",
              "refsource": "JVN",
              "url": "http://jvn.jp/jp/JVN%2303D5EAA8/index.html"
            },
            {
              "name": "ADV-2006-1866",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1866"
            },
            {
              "name": "VU#114956",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/114956"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2501",
    "datePublished": "2006-05-20T02:59:00",
    "dateReserved": "2006-05-19T00:00:00",
    "dateUpdated": "2024-08-07T17:51:04.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-0387
Vulnerability from cvelistv5
Published
2010-01-25 19:00
Modified
2024-08-07 00:45
Severity ?
Summary
Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:12.160Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-digest.html"
          },
          {
            "name": "jsws-digest-header-bo(55792)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55792"
          },
          {
            "name": "[dailydave] 20100120 Sun Web Server digest auth overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-January/006014.html"
          },
          {
            "name": "1023488",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023488"
          },
          {
            "name": "37896",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37896"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an \"Authorization: Digest\" HTTP header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-digest.html"
        },
        {
          "name": "jsws-digest-header-bo(55792)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55792"
        },
        {
          "name": "[dailydave] 20100120 Sun Web Server digest auth overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-January/006014.html"
        },
        {
          "name": "1023488",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023488"
        },
        {
          "name": "37896",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37896"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0387",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an \"Authorization: Digest\" HTTP header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-digest.html",
              "refsource": "MISC",
              "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-digest.html"
            },
            {
              "name": "jsws-digest-header-bo(55792)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55792"
            },
            {
              "name": "[dailydave] 20100120 Sun Web Server digest auth overflow",
              "refsource": "MLIST",
              "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-January/006014.html"
            },
            {
              "name": "1023488",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023488"
            },
            {
              "name": "37896",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37896"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0387",
    "datePublished": "2010-01-25T19:00:00",
    "dateReserved": "2010-01-25T00:00:00",
    "dateUpdated": "2024-08-07T00:45:12.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-6571
Vulnerability from cvelistv5
Published
2007-12-28 21:00
Modified
2024-08-07 16:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.
References
http://www.securityfocus.com/bid/26978 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/28216 (third-party-advisory, x_refsource_SECUNIA)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1 (vendor-advisory, x_refsource_SUNALERT)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43977 (vdb-entry, x_refsource_XF)
http://www.vupen.com/english/advisories/2007/4313 (vdb-entry, x_refsource_VUPEN)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:11:06.056Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26978",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26978"
          },
          {
            "name": "28216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28216"
          },
          {
            "name": "103002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
          },
          {
            "name": "javasystem-proxy-unspecified-xss(43977)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43977"
          },
          {
            "name": "ADV-2007-4313",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4313"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26978",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26978"
        },
        {
          "name": "28216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28216"
        },
        {
          "name": "103002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
        },
        {
          "name": "javasystem-proxy-unspecified-xss(43977)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43977"
        },
        {
          "name": "ADV-2007-4313",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4313"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6571",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26978",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26978"
            },
            {
              "name": "28216",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28216"
            },
            {
              "name": "103002",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
            },
            {
              "name": "javasystem-proxy-unspecified-xss(43977)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43977"
            },
            {
              "name": "ADV-2007-4313",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4313"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6571",
    "datePublished": "2007-12-28T21:00:00",
    "dateReserved": "2007-12-28T00:00:00",
    "dateUpdated": "2024-08-07T16:11:06.056Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-0388
Vulnerability from cvelistv5
Published
2010-01-25 19:00
Modified
2024-08-07 00:45
Severity ?
Summary
Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:12.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37910",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37910"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html"
          },
          {
            "name": "jsws-webdav-format-string(55812)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55812"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37910",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37910"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html"
        },
        {
          "name": "jsws-webdav-format-string(55812)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55812"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0388",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37910",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37910"
            },
            {
              "name": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html",
              "refsource": "MISC",
              "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html"
            },
            {
              "name": "jsws-webdav-format-string(55812)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55812"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0388",
    "datePublished": "2010-01-25T19:00:00",
    "dateReserved": "2010-01-25T00:00:00",
    "dateUpdated": "2024-08-07T00:45:12.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-1526
Vulnerability from cvelistv5
Published
2007-03-20 20:00
Modified
2024-08-07 12:59
Severity ?
Summary
Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors.
References
http://secunia.com/advisories/24531 (third-party-advisory, x_refsource_SECUNIA)
http://www.securitytracker.com/id?1017777 (vdb-entry, x_refsource_SECTRACK)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102822-1 (vendor-advisory, x_refsource_SUNALERT)
http://osvdb.org/34074 (vdb-entry, x_refsource_OSVDB)
http://www.vupen.com/english/advisories/2007/0958 (vdb-entry, x_refsource_VUPEN)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:08.644Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24531",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24531"
          },
          {
            "name": "1017777",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017777"
          },
          {
            "name": "102822",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102822-1"
          },
          {
            "name": "34074",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34074"
          },
          {
            "name": "ADV-2007-0958",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0958"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-03-31T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "24531",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24531"
        },
        {
          "name": "1017777",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017777"
        },
        {
          "name": "102822",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102822-1"
        },
        {
          "name": "34074",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34074"
        },
        {
          "name": "ADV-2007-0958",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0958"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1526",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24531",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24531"
            },
            {
              "name": "1017777",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017777"
            },
            {
              "name": "102822",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102822-1"
            },
            {
              "name": "34074",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34074"
            },
            {
              "name": "ADV-2007-0958",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0958"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1526",
    "datePublished": "2007-03-20T20:00:00",
    "dateReserved": "2007-03-20T00:00:00",
    "dateUpdated": "2024-08-07T12:59:08.644Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-0272
Vulnerability from cvelistv5
Published
2010-01-08 17:00
Modified
2024-08-07 00:45
Severity ?
Summary
Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:11.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://intevydis.com/sjws_demo.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.intevydis.com/blog/?p=102"
          },
          {
            "name": "jsws-data-information-disclosure(55527)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55527"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco.  NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://intevydis.com/sjws_demo.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.intevydis.com/blog/?p=102"
        },
        {
          "name": "jsws-data-information-disclosure(55527)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55527"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0272",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco.  NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://intevydis.com/sjws_demo.html",
              "refsource": "MISC",
              "url": "http://intevydis.com/sjws_demo.html"
            },
            {
              "name": "http://www.intevydis.com/blog/?p=102",
              "refsource": "MISC",
              "url": "http://www.intevydis.com/blog/?p=102"
            },
            {
              "name": "jsws-data-information-disclosure(55527)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55527"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0272",
    "datePublished": "2010-01-08T17:00:00",
    "dateReserved": "2010-01-08T00:00:00",
    "dateUpdated": "2024-08-07T00:45:11.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-2166
Vulnerability from cvelistv5
Published
2008-05-13 20:14
Modified
2024-08-07 08:49
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp.
References
http://secunia.com/advisories/30133 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/29087 (vdb-entry, x_refsource_BID)
http://www.vupen.com/english/advisories/2008/1455/references (vdb-entry, x_refsource_VUPEN)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231467-1 (vendor-advisory, x_refsource_SUNALERT)
http://www.securitytracker.com/id?1019987 (vdb-entry, x_refsource_SECTRACK)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42263 (vdb-entry, x_refsource_XF)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:49:58.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30133",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30133"
          },
          {
            "name": "29087",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29087"
          },
          {
            "name": "ADV-2008-1455",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1455/references"
          },
          {
            "name": "231467",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231467-1"
          },
          {
            "name": "1019987",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019987"
          },
          {
            "name": "javasystem-search-xss(42263)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42263"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "30133",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30133"
        },
        {
          "name": "29087",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29087"
        },
        {
          "name": "ADV-2008-1455",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1455/references"
        },
        {
          "name": "231467",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231467-1"
        },
        {
          "name": "1019987",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019987"
        },
        {
          "name": "javasystem-search-xss(42263)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42263"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2166",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30133",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30133"
            },
            {
              "name": "29087",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29087"
            },
            {
              "name": "ADV-2008-1455",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1455/references"
            },
            {
              "name": "231467",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231467-1"
            },
            {
              "name": "1019987",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019987"
            },
            {
              "name": "javasystem-search-xss(42263)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42263"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2166",
    "datePublished": "2008-05-13T20:14:00",
    "dateReserved": "2008-05-13T00:00:00",
    "dateUpdated": "2024-08-07T08:49:58.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3878
Vulnerability from cvelistv5
Published
2009-11-05 16:00
Modified
2024-08-07 06:45
Severity ?
Summary
Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:50.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.intevydis.com/blog/?p=79"
          },
          {
            "name": "jsws-unspecified-bo(54065)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54065"
          },
          {
            "name": "59497",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/59497"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html"
          },
          {
            "name": "ADV-2009-3024",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3024"
          },
          {
            "name": "37115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37115"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://intevydis.com/vd-list.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12.  NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.intevydis.com/blog/?p=79"
        },
        {
          "name": "jsws-unspecified-bo(54065)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54065"
        },
        {
          "name": "59497",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/59497"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html"
        },
        {
          "name": "ADV-2009-3024",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3024"
        },
        {
          "name": "37115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37115"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://intevydis.com/vd-list.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3878",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12.  NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.intevydis.com/blog/?p=79",
              "refsource": "MISC",
              "url": "http://www.intevydis.com/blog/?p=79"
            },
            {
              "name": "jsws-unspecified-bo(54065)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54065"
            },
            {
              "name": "59497",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/59497"
            },
            {
              "name": "http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html",
              "refsource": "MISC",
              "url": "http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html"
            },
            {
              "name": "ADV-2009-3024",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3024"
            },
            {
              "name": "37115",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37115"
            },
            {
              "name": "http://intevydis.com/vd-list.shtml",
              "refsource": "MISC",
              "url": "http://intevydis.com/vd-list.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3878",
    "datePublished": "2009-11-05T16:00:00",
    "dateReserved": "2009-11-05T00:00:00",
    "dateUpdated": "2024-08-07T06:45:50.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-5654
Vulnerability from cvelistv5
Published
2006-11-03 00:00
Modified
2024-08-07 19:55
Severity ?
Summary
Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/29946 (vdb-entry, x_refsource_XF)
http://secunia.com/advisories/22646 (third-party-advisory, x_refsource_SECUNIA)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102670-1 (vendor-advisory, x_refsource_SUNALERT)
http://securitytracker.com/id?1017143 (vdb-entry, x_refsource_SECTRACK)
http://www.vupen.com/english/advisories/2006/4299 (vdb-entry, x_refsource_VUPEN)
http://www.securityfocus.com/bid/20846 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:55:53.902Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "sun-java-nss-dos(29946)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29946"
          },
          {
            "name": "22646",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22646"
          },
          {
            "name": "102670",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102670-1"
          },
          {
            "name": "1017143",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017143"
          },
          {
            "name": "ADV-2006-4299",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4299"
          },
          {
            "name": "20846",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20846"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors.  NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "sun-java-nss-dos(29946)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29946"
        },
        {
          "name": "22646",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22646"
        },
        {
          "name": "102670",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102670-1"
        },
        {
          "name": "1017143",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017143"
        },
        {
          "name": "ADV-2006-4299",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4299"
        },
        {
          "name": "20846",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20846"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5654",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors.  NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "sun-java-nss-dos(29946)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29946"
            },
            {
              "name": "22646",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22646"
            },
            {
              "name": "102670",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102670-1"
            },
            {
              "name": "1017143",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017143"
            },
            {
              "name": "ADV-2006-4299",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4299"
            },
            {
              "name": "20846",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20846"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5654",
    "datePublished": "2006-11-03T00:00:00",
    "dateReserved": "2006-11-02T00:00:00",
    "dateUpdated": "2024-08-07T19:55:53.902Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-6276
Vulnerability from cvelistv5
Published
2006-12-04 11:00
Modified
2024-08-07 20:19
Severity ?
Summary
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.
References
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1 - vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/23186 - third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1017324 - vdb-entry, x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/30662 - vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2006/4793 - vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/21371 - vdb-entry, x_refsource_BID
http://securitytracker.com/id?1017323 - vdb-entry, x_refsource_SECTRACK
http://securitytracker.com/id?1017322 - vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:19:35.091Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102733",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"
          },
          {
            "name": "23186",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23186"
          },
          {
            "name": "1017324",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017324"
          },
          {
            "name": "sunserver-proxy-csrf(30662)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"
          },
          {
            "name": "ADV-2006-4793",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4793"
          },
          {
            "name": "21371",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21371"
          },
          {
            "name": "1017323",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017323"
          },
          {
            "name": "1017322",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017322"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "102733",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"
        },
        {
          "name": "23186",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23186"
        },
        {
          "name": "1017324",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017324"
        },
        {
          "name": "sunserver-proxy-csrf(30662)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"
        },
        {
          "name": "ADV-2006-4793",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4793"
        },
        {
          "name": "21371",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21371"
        },
        {
          "name": "1017323",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017323"
        },
        {
          "name": "1017322",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017322"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-6276",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102733",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"
            },
            {
              "name": "23186",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23186"
            },
            {
              "name": "1017324",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017324"
            },
            {
              "name": "sunserver-proxy-csrf(30662)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"
            },
            {
              "name": "ADV-2006-4793",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4793"
            },
            {
              "name": "21371",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21371"
            },
            {
              "name": "1017323",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017323"
            },
            {
              "name": "1017322",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017322"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-6276",
    "datePublished": "2006-12-04T11:00:00",
    "dateReserved": "2006-12-03T00:00:00",
    "dateUpdated": "2024-08-07T20:19:35.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-2518
Vulnerability from cvelistv5
Published
2008-06-03 14:00
Modified
2024-08-07 09:05
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter.
References
http://www.vupen.com/english/advisories/2008/1649/references - vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/30381 - third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/42624 - vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/29355 - vdb-entry, x_refsource_BID
http://sunsolve.sun.com/search/document.do?assetkey=1-26-236481-1 - vendor-advisory, x_refsource_SUNALERT
http://www.securitytracker.com/id?1020110 - vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:05:29.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2008-1649",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1649/references"
          },
          {
            "name": "30381",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30381"
          },
          {
            "name": "javasystem-advancedsearch-xss(42624)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42624"
          },
          {
            "name": "29355",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29355"
          },
          {
            "name": "236481",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236481-1"
          },
          {
            "name": "1020110",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020110"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2008-1649",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1649/references"
        },
        {
          "name": "30381",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30381"
        },
        {
          "name": "javasystem-advancedsearch-xss(42624)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42624"
        },
        {
          "name": "29355",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29355"
        },
        {
          "name": "236481",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236481-1"
        },
        {
          "name": "1020110",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020110"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2518",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2008-1649",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1649/references"
            },
            {
              "name": "30381",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30381"
            },
            {
              "name": "javasystem-advancedsearch-xss(42624)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42624"
            },
            {
              "name": "29355",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29355"
            },
            {
              "name": "236481",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236481-1"
            },
            {
              "name": "1020110",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020110"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2518",
    "datePublished": "2008-06-03T14:00:00",
    "dateReserved": "2008-06-03T00:00:00",
    "dateUpdated": "2024-08-07T09:05:29.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1934
Vulnerability from cvelistv5
Published
2009-06-05 15:25
Modified
2024-08-07 05:27
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:27:54.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "259588",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1"
          },
          {
            "name": "35338",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35338"
          },
          {
            "name": "35204",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35204"
          },
          {
            "name": "54872",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/54872"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1"
          },
          {
            "name": "ADV-2009-1500",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1500"
          },
          {
            "name": "1022334",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022334"
          },
          {
            "name": "jsws-reverseproxyplugin-xss(50951)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50951"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "259588",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1"
        },
        {
          "name": "35338",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35338"
        },
        {
          "name": "35204",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35204"
        },
        {
          "name": "54872",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/54872"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1"
        },
        {
          "name": "ADV-2009-1500",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1500"
        },
        {
          "name": "1022334",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022334"
        },
        {
          "name": "jsws-reverseproxyplugin-xss(50951)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50951"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1934",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "259588",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1"
            },
            {
              "name": "35338",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35338"
            },
            {
              "name": "35204",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35204"
            },
            {
              "name": "54872",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/54872"
            },
            {
              "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1",
              "refsource": "CONFIRM",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1"
            },
            {
              "name": "ADV-2009-1500",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1500"
            },
            {
              "name": "1022334",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022334"
            },
            {
              "name": "jsws-reverseproxyplugin-xss(50951)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50951"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1934",
    "datePublished": "2009-06-05T15:25:00",
    "dateReserved": "2009-06-05T00:00:00",
    "dateUpdated": "2024-08-07T05:27:54.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-6570
Vulnerability from cvelistv5
Published
2007-12-28 21:00
Modified
2024-08-07 16:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.
References
http://www.securityfocus.com/bid/26978 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/28216 (third-party-advisory, x_refsource_SECUNIA)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1 (vendor-advisory, x_refsource_SUNALERT)
http://secunia.com/advisories/28186 (third-party-advisory, x_refsource_SECUNIA)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43976 (vdb-entry, x_refsource_XF)
http://osvdb.org/40851 (vdb-entry, x_refsource_OSVDB)
http://docs.sun.com/source/820-3637-10/relnotes36sp11_unix.html#wp19247 (x_refsource_CONFIRM)
http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view (x_refsource_CONFIRM)
http://www.vupen.com/english/advisories/2007/4313 (vdb-entry, x_refsource_VUPEN)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:11:06.095Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26978",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26978"
          },
          {
            "name": "28216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28216"
          },
          {
            "name": "103002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
          },
          {
            "name": "28186",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28186"
          },
          {
            "name": "javasystem-proxy-viewurl-xss(43976)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43976"
          },
          {
            "name": "40851",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/40851"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.sun.com/source/820-3637-10/relnotes36sp11_unix.html#wp19247"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view"
          },
          {
            "name": "ADV-2007-4313",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4313"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26978",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26978"
        },
        {
          "name": "28216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28216"
        },
        {
          "name": "103002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
        },
        {
          "name": "28186",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28186"
        },
        {
          "name": "javasystem-proxy-viewurl-xss(43976)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43976"
        },
        {
          "name": "40851",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/40851"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.sun.com/source/820-3637-10/relnotes36sp11_unix.html#wp19247"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view"
        },
        {
          "name": "ADV-2007-4313",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4313"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6570",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26978",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26978"
            },
            {
              "name": "28216",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28216"
            },
            {
              "name": "103002",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
            },
            {
              "name": "28186",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28186"
            },
            {
              "name": "javasystem-proxy-viewurl-xss(43976)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43976"
            },
            {
              "name": "40851",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/40851"
            },
            {
              "name": "http://docs.sun.com/source/820-3637-10/relnotes36sp11_unix.html#wp19247",
              "refsource": "CONFIRM",
              "url": "http://docs.sun.com/source/820-3637-10/relnotes36sp11_unix.html#wp19247"
            },
            {
              "name": "http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view",
              "refsource": "CONFIRM",
              "url": "http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view"
            },
            {
              "name": "ADV-2007-4313",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4313"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6570",
    "datePublished": "2007-12-28T21:00:00",
    "dateReserved": "2007-12-28T00:00:00",
    "dateUpdated": "2024-08-07T16:11:06.095Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-0360
Vulnerability from cvelistv5
Published
2010-01-20 16:00
Modified
2024-09-16 23:16
Severity ?
Summary
Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:12.150Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://intevydis.com/vd-list.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an \"overflow.\" NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-01-20T16:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://intevydis.com/vd-list.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0360",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an \"overflow.\" NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html",
              "refsource": "MISC",
              "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html"
            },
            {
              "name": "http://intevydis.com/vd-list.shtml",
              "refsource": "MISC",
              "url": "http://intevydis.com/vd-list.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0360",
    "datePublished": "2010-01-20T16:00:00Z",
    "dateReserved": "2010-01-20T00:00:00Z",
    "dateUpdated": "2024-09-16T23:16:20.163Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-0389
Vulnerability from cvelistv5
Published
2010-01-25 19:00
Modified
2024-09-16 23:30
Severity ?
Summary
The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:12.227Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-01-25T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0389",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html",
              "refsource": "MISC",
              "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0389",
    "datePublished": "2010-01-25T19:00:00Z",
    "dateReserved": "2010-01-25T00:00:00Z",
    "dateUpdated": "2024-09-16T23:30:40.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-6572
Vulnerability from cvelistv5
Published
2007-12-28 21:00
Modified
2024-08-07 16:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/43978 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/26978 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/28216 (third-party-advisory, x_refsource_SECUNIA)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1 (vendor-advisory, x_refsource_SUNALERT)
http://www.vupen.com/english/advisories/2007/4313 (vdb-entry, x_refsource_VUPEN)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:11:06.088Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "javasystem-unspecified-xss(43978)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43978"
          },
          {
            "name": "26978",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26978"
          },
          {
            "name": "28216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28216"
          },
          {
            "name": "103002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
          },
          {
            "name": "ADV-2007-4313",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4313"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "javasystem-unspecified-xss(43978)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43978"
        },
        {
          "name": "26978",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26978"
        },
        {
          "name": "28216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28216"
        },
        {
          "name": "103002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
        },
        {
          "name": "ADV-2007-4313",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4313"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6572",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "javasystem-unspecified-xss(43978)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43978"
            },
            {
              "name": "26978",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26978"
            },
            {
              "name": "28216",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28216"
            },
            {
              "name": "103002",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
            },
            {
              "name": "ADV-2007-4313",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4313"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6572",
    "datePublished": "2007-12-28T21:00:00",
    "dateReserved": "2007-12-28T00:00:00",
    "dateUpdated": "2024-08-07T16:11:06.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-0812
Vulnerability from cvelistv5
Published
2000-10-18 04:00
Modified
2024-08-08 05:28
Severity ?
Summary
The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:28:41.652Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "00197",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUN",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/197\u0026type=0\u0026nav=sec.sba"
          },
          {
            "name": "sunjava-webadmin-bbs(5135)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5135"
          },
          {
            "name": "1600",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1600"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/templates/advisory.html?id=2542"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-18T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "00197",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUN"
          ],
          "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/197\u0026type=0\u0026nav=sec.sba"
        },
        {
          "name": "sunjava-webadmin-bbs(5135)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5135"
        },
        {
          "name": "1600",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1600"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/templates/advisory.html?id=2542"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0812",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "00197",
              "refsource": "SUN",
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/197\u0026type=0\u0026nav=sec.sba"
            },
            {
              "name": "sunjava-webadmin-bbs(5135)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5135"
            },
            {
              "name": "1600",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1600"
            },
            {
              "name": "http://www.securityfocus.com/templates/advisory.html?id=2542",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/templates/advisory.html?id=2542"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0812",
    "datePublished": "2000-10-18T04:00:00",
    "dateReserved": "2000-09-26T00:00:00",
    "dateUpdated": "2024-08-08T05:28:41.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3921
Vulnerability from cvelistv5
Published
2006-07-28 23:00
Modified
2024-08-07 18:48
Severity ?
Summary
Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.
References
http://secunia.com/advisories/22425 - third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1016596 - vdb-entry, x_refsource_SECTRACK
http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm - x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/28061 - vdb-entry, x_refsource_XF
http://secunia.com/advisories/21251 - third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/19200 - vdb-entry, x_refsource_BID
http://securitytracker.com/id?1016597 - vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2006/3020 - vdb-entry, x_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1 - vendor-advisory, x_refsource_SUNALERT
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:48:39.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "22425",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22425"
          },
          {
            "name": "1016596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016596"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm"
          },
          {
            "name": "sun-java-utf8-file-disclosure(28061)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28061"
          },
          {
            "name": "21251",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21251"
          },
          {
            "name": "19200",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19200"
          },
          {
            "name": "1016597",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016597"
          },
          {
            "name": "ADV-2006-3020",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3020"
          },
          {
            "name": "102521",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the \"document root directory\" via a direct request using a UTF-8 encoded URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "22425",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22425"
        },
        {
          "name": "1016596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016596"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm"
        },
        {
          "name": "sun-java-utf8-file-disclosure(28061)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28061"
        },
        {
          "name": "21251",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21251"
        },
        {
          "name": "19200",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19200"
        },
        {
          "name": "1016597",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016597"
        },
        {
          "name": "ADV-2006-3020",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3020"
        },
        {
          "name": "102521",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3921",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the \"document root directory\" via a direct request using a UTF-8 encoded URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "22425",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22425"
            },
            {
              "name": "1016596",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016596"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm"
            },
            {
              "name": "sun-java-utf8-file-disclosure(28061)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28061"
            },
            {
              "name": "21251",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21251"
            },
            {
              "name": "19200",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19200"
            },
            {
              "name": "1016597",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016597"
            },
            {
              "name": "ADV-2006-3020",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3020"
            },
            {
              "name": "102521",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3921",
    "datePublished": "2006-07-28T23:00:00",
    "dateReserved": "2006-07-28T00:00:00",
    "dateUpdated": "2024-08-07T18:48:39.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2445
Vulnerability from cvelistv5
Published
2009-07-13 17:00
Modified
2024-08-07 05:52
Severity ?
Summary
Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.
References
http://jvn.jp/en/jp/JVN47124169/index.html - third-party-advisory, x_refsource_JVN
http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1 - vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/35701 - third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1786 - vdb-entry, x_refsource_VUPEN
http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069 - third-party-advisory, x_refsource_JVNDB
http://www.osvdb.org/55655 - vdb-entry, x_refsource_OSVDB
http://securitytracker.com/id?1022511 - vdb-entry, x_refsource_SECTRACK
http://isowarez.de/SunOne_Webserver.txt - x_refsource_MISC
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.958Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#47124169",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN47124169/index.html"
          },
          {
            "name": "266429",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1"
          },
          {
            "name": "35701",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35701"
          },
          {
            "name": "ADV-2009-1786",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1786"
          },
          {
            "name": "JVNDB-2009-002069",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069"
          },
          {
            "name": "55655",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/55655"
          },
          {
            "name": "1022511",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1022511"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isowarez.de/SunOne_Webserver.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-09-01T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "JVN#47124169",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN47124169/index.html"
        },
        {
          "name": "266429",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1"
        },
        {
          "name": "35701",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35701"
        },
        {
          "name": "ADV-2009-1786",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1786"
        },
        {
          "name": "JVNDB-2009-002069",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069"
        },
        {
          "name": "55655",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/55655"
        },
        {
          "name": "1022511",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1022511"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isowarez.de/SunOne_Webserver.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2445",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#47124169",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN47124169/index.html"
            },
            {
              "name": "266429",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1"
            },
            {
              "name": "35701",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35701"
            },
            {
              "name": "ADV-2009-1786",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1786"
            },
            {
              "name": "JVNDB-2009-002069",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069"
            },
            {
              "name": "55655",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/55655"
            },
            {
              "name": "1022511",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1022511"
            },
            {
              "name": "http://isowarez.de/SunOne_Webserver.txt",
              "refsource": "MISC",
              "url": "http://isowarez.de/SunOne_Webserver.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2445",
    "datePublished": "2009-07-13T17:00:00",
    "dateReserved": "2009-07-13T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.958Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2007-07-11 23:30
Modified
2024-11-21 00:33
Severity ?
Summary
Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.
References
cve@mitre.org - http://osvdb.org/37248
cve@mitre.org - http://secunia.com/advisories/26023 - Vendor Advisory
cve@mitre.org - http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1 - Patch, Vendor Advisory
cve@mitre.org - http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1 - Vendor Advisory
cve@mitre.org - http://www.isecpartners.com/advisories/2007-04-dsig.txt
cve@mitre.org - http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf
cve@mitre.org - http://www.securityfocus.com/archive/1/473552/100/0/threaded
cve@mitre.org - http://www.securityfocus.com/archive/1/473553/100/0/threaded
cve@mitre.org - http://www.securityfocus.com/bid/24850 - Patch
cve@mitre.org - http://www.vupen.com/english/advisories/2007/2493 - Vendor Advisory
cve@mitre.org - http://www.vupen.com/english/advisories/2007/2785 - Vendor Advisory
cve@mitre.org - https://exchange.xforce.ibmcloud.com/vulnerabilities/35335
af854a3a-2127-422b-91ae-364da2661108 - http://osvdb.org/37248
af854a3a-2127-422b-91ae-364da2661108 - http://secunia.com/advisories/26023 - Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1 - Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1 - Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://www.isecpartners.com/advisories/2007-04-dsig.txt
af854a3a-2127-422b-91ae-364da2661108 - http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/archive/1/473552/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/archive/1/473553/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/24850 - Patch
af854a3a-2127-422b-91ae-364da2661108 - http://www.vupen.com/english/advisories/2007/2493 - Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://www.vupen.com/english/advisories/2007/2785 - Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - https://exchange.xforce.ibmcloud.com/vulnerabilities/35335



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0515F299-43E6-4957-A086-607DEC1F6C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise_linux:*:*:*:*:*",
              "matchCriteriaId": "95D68A65-BEE4-4043-95E8-0A113B33AD1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise_sparc:*:*:*:*:*",
              "matchCriteriaId": "8481AAD3-EC42-475B-AD1B-BD99AC13BA68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise_windows:*:*:*:*:*",
              "matchCriteriaId": "6A13968A-99F0-439C-BCA5-7002AC7A2E48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:enterprise_x86:*:*:*:*:*",
              "matchCriteriaId": "D837D07F-E675-421C-8BD0-B774881A1B79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform:*:*:*:*:*",
              "matchCriteriaId": "B05BB1F3-1324-4070-802B-E61B76888391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform_linux:*:*:*:*:*",
              "matchCriteriaId": "7B74A192-69A9-4732-80E6-803E042477ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform_sparc:*:*:*:*:*",
              "matchCriteriaId": "8F900745-5E01-47AE-A752-3E4A63CE96D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform_windows:*:*:*:*:*",
              "matchCriteriaId": "C82607CC-0873-4ED0-BCC4-D5080673E898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:8.2:*:platform_x86:*:*:*:*:*",
              "matchCriteriaId": "EC1D162B-C6DB-4B5D-82E7-C3E2F2D4B18D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:9.0:*:platform:*:*:*:*:*",
              "matchCriteriaId": "A4852722-FF63-47A5-B227-02271B565CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:9.0:*:platform_linux:*:*:*:*:*",
              "matchCriteriaId": "3DACAFF0-17BD-4DEA-8D95-34C9A265320C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:9.0:*:platform_sparc:*:*:*:*:*",
              "matchCriteriaId": "6DF7FCB5-7322-492E-97DD-A34DDEF1457B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:9.0:*:platform_windows:*:*:*:*:*",
              "matchCriteriaId": "C7EA87D0-778A-4C09-A069-81CF0D767B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:9.0:*:platform_x86:*:*:*:*:*",
              "matchCriteriaId": "0FC6726C-9A14-4E5D-AE46-171D286B0889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFAA741F-6B77-44E5-8B84-AB5E49901BD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "134929FE-2EBA-4B55-904F-111A658160F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:linux:*:*:*:*:*",
              "matchCriteriaId": "4AB42DB5-10BA-454E-A9F5-A0581BD21FA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "53671389-3822-41CD-ABC9-DC19871579AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:windows:*:*:*:*:*",
              "matchCriteriaId": "F69C48CB-A038-431D-ABE4-A216E5283266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:x86:*:*:*:*:*",
              "matchCriteriaId": "6EEB898B-0036-4B7B-B15A-595487D09D72",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716."
    },
    {
      "lang": "es",
      "value": "Sun Java System Application Server y Web Server versiones 7.0 hasta 9.0 anterior al 20070710, no procesan apropiadamente las hojas de estilo XSLT en las transformaciones de XSLT en firmas XML, lo que permite a atacantes dependiendo del contexto ejecutar un m\u00e9todo Java arbitrario por medio de una hoja de estilo dise\u00f1ada, un problema relacionado con CVE-2007-3716."
    }
  ],
  "id": "CVE-2007-3715",
  "lastModified": "2024-11-21T00:33:53.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-07-11T23:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37248"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26023"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.isecpartners.com/advisories/2007-04-dsig.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/473552/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/473553/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24850"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2493"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2785"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35335"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37248"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200054-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.isecpartners.com/advisories/2007-04-dsig.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/473552/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/473553/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/24850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35335"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-12-28 21:46
Modified
2024-11-21 00:40
Severity
MEDIUM — CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N), source nvd@nist.gov
Summary
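Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.
Note: the CPE match list in the record below is broader than this summary. It also marks Web Proxy Server 4.0 through 4.0.5 and Web Server 6.0, 6.1 and 7.0 as vulnerable, and it carries no Windows platform qualifier. Confirm the affected versions against the sunsolve.sun.com reference before using either the summary or the CPE list for asset matching.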



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D36EE342-0A55-4F2E-9037-14C0975CEA9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "DD35DA64-83B8-4EF4-94E8-D692E6FDD0AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp10:*:*:*:*:*:*",
              "matchCriteriaId": "072BE21F-E09B-4087-83A0-44E9570AF6A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5D85FB-D4A6-4518-BBD9-8D021446E433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A1102A86-8FB6-418E-808E-A6B94016E0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "E6A1EC8B-311D-4D34-A669-FF52B29BB5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "66EA6738-9134-402C-AA74-68298F45B60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "4AB54F05-CBE0-4A3B-9941-A5509BF40EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "BBA027B0-8996-4CBF-881D-D393C3508944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp8:*:*:*:*:*:*",
              "matchCriteriaId": "B53D14F8-67E5-480F-A87F-CCBCDA6F62E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp9:*:*:*:*:*:*",
              "matchCriteriaId": "B71E5861-FC0F-4FEC-AFE5-11F00A1D608E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB8D89B7-2C74-4CDC-8708-D9FACC4DE7C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "927171C0-E754-4FC1-AA9F-6565ADE2B63D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FA1C4E0-1EB0-4CDE-90D5-1A600BCBA93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC07AB3E-09D4-47B2-B065-8E5A73775982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EB8961-9F4D-498D-B2C7-421175F8FE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B4BC20-945E-4F5E-A850-AE9BC30119F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "57DC2FBE-6556-4113-83BF-ABCAC70CBDE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp10:*:*:*:*:*:*",
              "matchCriteriaId": "4537E2AF-3E9F-40F2-8D20-CEFD2FF289C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3DA512F0-B382-407E-B75D-5D2D15E185BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "16727FF1-3CD7-4667-A2BA-2241A3AFEED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F60E165E-5B62-4D46-941D-E84603516D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "FF6BCC24-EADB-4EB8-9142-01D34C307C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "05017BA4-C9FC-4F7D-A5FE-9CE763CFE3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "DCC700F7-8675-441A-8AB7-CEFF84639E7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp8:*:*:*:*:*:*",
              "matchCriteriaId": "7BE04EB1-CDBD-4AA2-9513-826637F14771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp9:*:*:*:*:*:*",
              "matchCriteriaId": "EBD38B0A-EB9B-4556-B6DE-A7598ACC04AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "C878B2FD-88A1-44E2-9234-C40CA1DDC5BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "BABE9BB1-E968-4EC9-A13A-6ECBCDC0D9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "B6606659-59FE-4E17-9643-2267223DE6F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "9BC77D08-B591-4824-AC47-F14F4F53C63D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFAA741F-6B77-44E5-8B84-AB5E49901BD1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Sun Java System Web Proxy Server 3.6 anterior a SP11 sobre Windows permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como BugID 6611356."
    }
  ],
  "id": "CVE-2007-6571",
  "lastModified": "2024-11-21T00:40:28.360",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-12-28T21:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28216"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26978"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4313"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43977"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43977"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-07-28 23:04
Modified
2024-11-21 00:14
Severity
MEDIUM — CVSS v2.0 base score 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N), source nvd@nist.gov
Summary
Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB26B3D-4DF0-45C2-9ECA-202C829392D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "EE5A4BC2-ED34-4968-881E-ED6AD300AC42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*",
              "matchCriteriaId": "D00790CE-CD77-4C39-80AC-5FBD298DD63A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*",
              "matchCriteriaId": "BC5F2280-EC46-4D2F-8402-FE91ECEE6A1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur1:enterprise:*:*:*:*:*",
              "matchCriteriaId": "2F40832C-EA2D-4AEF-9C98-36795D36BA06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur1:standard:*:*:*:*:*",
              "matchCriteriaId": "9F076EB9-CE31-456E-B7E9-B9F4C26CB0DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur2:enterprise:*:*:*:*:*",
              "matchCriteriaId": "7805CF93-C1EC-4698-95A6-CAB9C26EEAB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur2:platform:*:*:*:*:*",
              "matchCriteriaId": "FAF567AF-95D6-4634-90BB-E34801F44459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur2:standard:*:*:*:*:*",
              "matchCriteriaId": "951B75FF-9190-4AF7-BE9D-23C2114F71DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur4:*:*:*:*:*:*",
              "matchCriteriaId": "60EBC552-FAC2-4833-B1A6-696DC06301A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur5:platform:*:*:*:*:*",
              "matchCriteriaId": "A6F3E897-8253-4D9B-9FA7-83727F508789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur5:standard:*:*:*:*:*",
              "matchCriteriaId": "18ECFDD3-6D45-44F1-BA98-426D86084BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur6:platform:*:*:*:*:*",
              "matchCriteriaId": "4C28CDD2-F08A-438D-B4E2-093994BE50C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur6:standard:*:*:*:*:*",
              "matchCriteriaId": "3A84AFF0-8598-48C7-90BE-DB2700F55430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E583F338-CF10-4FD5-8A86-A3CE46E863DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "D9F68042-8C22-447E-8C6B-F44DEE5BF389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:platform:*:*:*:*:*",
              "matchCriteriaId": "7659FD2B-6F83-44F1-B4A1-94D106B4C686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:ur1:platform:*:*:*:*:*",
              "matchCriteriaId": "E2A9B4B2-B844-411F-B4C7-9AC60C37A5A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "C878B2FD-88A1-44E2-9234-C40CA1DDC5BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "BABE9BB1-E968-4EC9-A13A-6ECBCDC0D9AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the \"document root directory\" via a direct request using a UTF-8 encoded URI."
    },
    {
      "lang": "es",
      "value": "Sun Java System Application Server (SJSAS) 7 hasta la 8.1 y Web Server (SJSWS) 6.0 y 6.1 permite a usuarios remotos validados leer archivos fuera del \"directorio de documentos del root\" a trav\u00e9s de respuesta directas utilizando una codificaci\u00f3n URI UTF-8."
    }
  ],
  "id": "CVE-2006-3921",
  "lastModified": "2024-11-21T00:14:43.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-07-28T23:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21251"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22425"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016596"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016597"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19200"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3020"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102521-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28061"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-12-28 21:46
Modified
2024-11-21 00:40
Severity ?
Summary
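Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.
Note: the CPE match list in the record below also marks Sun Java System Web Server 6.0 and 6.1 releases as vulnerable, although this summary names only Web Proxy Server. Confirm the affected products against the vendor advisory before using the CPE list for asset matching.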



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D36EE342-0A55-4F2E-9037-14C0975CEA9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "DD35DA64-83B8-4EF4-94E8-D692E6FDD0AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp10:*:*:*:*:*:*",
              "matchCriteriaId": "072BE21F-E09B-4087-83A0-44E9570AF6A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5D85FB-D4A6-4518-BBD9-8D021446E433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A1102A86-8FB6-418E-808E-A6B94016E0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "E6A1EC8B-311D-4D34-A669-FF52B29BB5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "66EA6738-9134-402C-AA74-68298F45B60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "4AB54F05-CBE0-4A3B-9941-A5509BF40EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "BBA027B0-8996-4CBF-881D-D393C3508944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp8:*:*:*:*:*:*",
              "matchCriteriaId": "B53D14F8-67E5-480F-A87F-CCBCDA6F62E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp9:*:*:*:*:*:*",
              "matchCriteriaId": "B71E5861-FC0F-4FEC-AFE5-11F00A1D608E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB8D89B7-2C74-4CDC-8708-D9FACC4DE7C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "927171C0-E754-4FC1-AA9F-6565ADE2B63D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FA1C4E0-1EB0-4CDE-90D5-1A600BCBA93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC07AB3E-09D4-47B2-B065-8E5A73775982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EB8961-9F4D-498D-B2C7-421175F8FE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B4BC20-945E-4F5E-A850-AE9BC30119F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "57DC2FBE-6556-4113-83BF-ABCAC70CBDE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp10:*:*:*:*:*:*",
              "matchCriteriaId": "4537E2AF-3E9F-40F2-8D20-CEFD2FF289C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3DA512F0-B382-407E-B75D-5D2D15E185BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "16727FF1-3CD7-4667-A2BA-2241A3AFEED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F60E165E-5B62-4D46-941D-E84603516D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "FF6BCC24-EADB-4EB8-9142-01D34C307C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "05017BA4-C9FC-4F7D-A5FE-9CE763CFE3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "DCC700F7-8675-441A-8AB7-CEFF84639E7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp8:*:*:*:*:*:*",
              "matchCriteriaId": "7BE04EB1-CDBD-4AA2-9513-826637F14771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp9:*:*:*:*:*:*",
              "matchCriteriaId": "EBD38B0A-EB9B-4556-B6DE-A7598ACC04AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "C878B2FD-88A1-44E2-9234-C40CA1DDC5BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "BABE9BB1-E968-4EC9-A13A-6ECBCDC0D9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "B6606659-59FE-4E17-9643-2267223DE6F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "9BC77D08-B591-4824-AC47-F14F4F53C63D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFAA741F-6B77-44E5-8B84-AB5E49901BD1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad View URL Database (Ver Base de Datos de URLs) en Sun Java System Web Proxy Server 4.x anterior a 4.0.6 y 3.x anterior a 3.6 SP11 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como BugID 6566309."
    }
  ],
  "id": "CVE-2007-6570",
  "lastModified": "2024-11-21T00:40:28.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-12-28T21:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://docs.sun.com/source/820-3637-10/relnotes36sp11_unix.html#wp19247"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/40851"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28186"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28216"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26978"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4313"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.sun.com/source/820-3637-10/relnotes36sp11_unix.html#wp19247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/40851"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43976"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-06-07 04:00
Modified
2024-11-20 23:58
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files.
Impacted products
Vendor Product Version
sun java_system_web_server *
sun java_system_web_server 6.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC20AB39-705C-4F32-B735-5362D7690AC7",
              "versionEndIncluding": "6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files."
    }
  ],
  "id": "CVE-2005-1889",
  "lastModified": "2024-11-20T23:58:21.323",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-06-07T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101690-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/0695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101690-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/0695"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-08-07 19:00
Modified
2024-11-21 01:05
Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:P/I:N/A:N)
Summary
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_sparc:*:*:*:*:*",
              "matchCriteriaId": "8ED84EE5-2C53-4A8E-98B7-4F9181D4E192",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_sparc:*:*:*:*:*",
              "matchCriteriaId": "BF718ABC-42C7-4FE1-82A0-00F3506F1D42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_sparc:*:*:*:*:*",
              "matchCriteriaId": "F590A1DC-7E1B-44CF-83D2-3FEDA91765C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_sparc:*:*:*:*:*",
              "matchCriteriaId": "28F24915-078C-4E4B-B173-671F0ABF9656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_sparc:*:*:*:*:*",
              "matchCriteriaId": "CAABA44E-5FD1-4B71-A4DE-9DC671DD8223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_sparc:*:*:*:*:*",
              "matchCriteriaId": "2A857F82-4146-48E9-8568-19393AC3856B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_sparc:*:*:*:*:*",
              "matchCriteriaId": "B56B9BD3-2708-46C3-850D-865599F88BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_sparc:*:*:*:*:*",
              "matchCriteriaId": "B6391170-5831-4303-85E5-A51BB431E788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_sparc:*:*:*:*:*",
              "matchCriteriaId": "745D8651-B97C-48A9-AE4F-603A34516919",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_x86:*:*:*:*:*",
              "matchCriteriaId": "B0617E1B-FE70-442E-AEE6-BACC8515F005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_x86:*:*:*:*:*",
              "matchCriteriaId": "D2BC5828-0EF1-4640-91BF-9CC1E5FC6243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_x86:*:*:*:*:*",
              "matchCriteriaId": "9096D748-9527-4061-8106-526741831F35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_x86:*:*:*:*:*",
              "matchCriteriaId": "AD06B92E-C23C-4648-A585-14FC54538FA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_x86:*:*:*:*:*",
              "matchCriteriaId": "4930E838-993A-4DA1-B504-4675EE20CF69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_x86:*:*:*:*:*",
              "matchCriteriaId": "2D28C8EF-7525-48A0-A13A-EA95479A3B35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_x86:*:*:*:*:*",
              "matchCriteriaId": "207157F9-0AE4-45FB-A3DC-90C1F6E5376E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_x86:*:*:*:*:*",
              "matchCriteriaId": "9E8B1333-125A-44F7-A6C3-4B04D3FC9A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_x86:*:*:*:*:*",
              "matchCriteriaId": "92BC8B61-3F58-43B3-9756-616376D4D2DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_linux:*:*:*:*:*",
              "matchCriteriaId": "B9D7AA3C-6565-4291-A76F-3BE9311B77F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_linux:*:*:*:*:*",
              "matchCriteriaId": "95ADB790-EF2D-4613-9F69-F37401518511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_linux:*:*:*:*:*",
              "matchCriteriaId": "9E64CD07-4AF7-49C4-A3C0-EE2BF9E067A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_linux:*:*:*:*:*",
              "matchCriteriaId": "D8C9CC43-EFB5-4192-81F2-0373961A7078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_linux:*:*:*:*:*",
              "matchCriteriaId": "479657F1-8950-4C6C-9CD2-5FE3DF235E24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_linux:*:*:*:*:*",
              "matchCriteriaId": "6F238642-873A-4A50-BF14-6B173A20A36D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_linux:*:*:*:*:*",
              "matchCriteriaId": "3DA96674-2050-4686-A592-F450655073E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_linux:*:*:*:*:*",
              "matchCriteriaId": "5382933D-E32D-47F5-8892-65B94E06BD15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_linux:*:*:*:*:*",
              "matchCriteriaId": "644C3EA4-607C-42E7-805B-8F2EF6AF694E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:windows:*:*:*:*:*",
              "matchCriteriaId": "B7821A43-2549-4B75-A201-95A3AC58E8BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "36C5F1CB-FEDE-4C19-B056-C846C86FDE8E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "134929FE-2EBA-4B55-904F-111A658160F3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:war:*:*:*:*:*",
              "matchCriteriaId": "72304F6F-83F9-4207-93D9-6886AD9E88A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that \"policy advice\" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "El componente CDCServlet en Sun Java System Access Manager v7.0 2005Q4 y v7.1, cuando Cross Domain Single Sign On (CDSSO) est\u00e1 habilitado, no garantiza que \"policy advice\" (aviso de pol\u00edticas) se presenta al cliente correcto, lo cual permite a un atacante remoto obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2009-2713",
  "lastModified": "2024-11-21T01:05:34.560",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-08-07T19:00:01.140",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36167"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35961"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/2176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36167"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/2176"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-12-28 21:46
Modified
2024-11-21 00:40
Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:*:*:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "E2C55657-79F3-4447-B827-EE443AB922CD",
              "versionEndIncluding": "4.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:*:*:linux:*:*:*:*:*",
              "matchCriteriaId": "6270A3A9-B5D1-4234-A3A4-AEF6ACE77932",
              "versionEndIncluding": "4.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:*:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "D609436F-B0C8-4ACF-82B7-84A73582EE08",
              "versionEndIncluding": "4.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:*:*:windows:*:*:*:*:*",
              "matchCriteriaId": "5552CC41-2A31-4339-B567-80C0BEDF520A",
              "versionEndIncluding": "4.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:*:*:x86:*:*:*:*:*",
              "matchCriteriaId": "EA6A7377-FF15-412A-BF34-C0E47030FE95",
              "versionEndIncluding": "4.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:aix:*:*:*:*:*",
              "matchCriteriaId": "845895BA-37A6-49A8-B37D-EC2CFF4B1042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "BF864FCC-8414-4481-9210-108EA3266FF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "A3A51792-C4A9-4504-98A1-485DB2F480EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:windows:*:*:*:*:*",
              "matchCriteriaId": "58E16BFC-4A16-429B-A2B4-DB1EB29004F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:aix:*:*:*:*:*",
              "matchCriteriaId": "E8E7D327-AB45-4DDC-A6B5-4A413B76440F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "5318A317-0981-4A5D-9468-50E08219312B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:linux:*:*:*:*:*",
              "matchCriteriaId": "A695E901-4FFF-4660-B49E-D7CB139536D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "24754087-DC84-4B0B-BBDE-70D288AFC901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "DCFD3C8D-6E79-4DA6-A600-D952C8E5A151",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:x86:*:*:*:*:*",
              "matchCriteriaId": "16E496C0-438E-4262-A54B-3CB69C4A88C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "134929FE-2EBA-4B55-904F-111A658160F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:linux:*:*:*:*:*",
              "matchCriteriaId": "4AB42DB5-10BA-454E-A9F5-A0581BD21FA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "53671389-3822-41CD-ABC9-DC19871579AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:windows:*:*:*:*:*",
              "matchCriteriaId": "F69C48CB-A038-431D-ABE4-A216E5283266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:x86:*:*:*:*:*",
              "matchCriteriaId": "6EEB898B-0036-4B7B-B15A-595487D09D72",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad View Error Log (Ver Registro de Errores) en Sun Java System Web Proxy Server 4.x anterior a 4.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como BugID 6566246."
    }
  ],
  "id": "CVE-2007-6569",
  "lastModified": "2024-11-21T00:40:28.043",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-12-28T21:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/28186"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28216"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26978"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/28186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4313"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang).



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "57DC2FBE-6556-4113-83BF-ABCAC70CBDE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3DA512F0-B382-407E-B75D-5D2D15E185BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "16727FF1-3CD7-4667-A2BA-2241A3AFEED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F60E165E-5B62-4D46-941D-E84603516D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "FF6BCC24-EADB-4EB8-9142-01D34C307C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "05017BA4-C9FC-4F7D-A5FE-9CE763CFE3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "DCC700F7-8675-441A-8AB7-CEFF84639E7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang)."
    }
  ],
  "id": "CVE-2005-1150",
  "lastModified": "2024-11-20T23:56:43.443",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-02T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14961"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57760-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/15504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57760-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/15504"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-11-03 00:07
Modified
2024-11-21 00:20
Severity ?
Summary
Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127.
Impacted products
Vendor Product Version
sun java_system_web_server 6.0
sun one_application_server *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp9:*:*:*:*:*:*",
              "matchCriteriaId": "EBD38B0A-EB9B-4556-B6DE-A7598ACC04AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_application_server:*:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "7D7E85C7-BA03-4107-9EF4-13BC2C6472DA",
              "versionEndIncluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors.  NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Network Security Services (NSS) de Sun Java System Web Server 6.0 versiones anteriores a SP 10 y ONE Application Server 7 anteriores a Update 3, cuando SSLv2 est\u00e1 habilitado, permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (fallo de aplicaci\u00f3n) mediante vectores no especificados. NOTA: debido a la falta de detalles por parte del fabricante, no est\u00e1 claro si esto est\u00e1 relacionado con el vector 1 en CVE-2006-5201 o con CVE-2006-3127."
    }
  ],
  "id": "CVE-2006-5654",
  "lastModified": "2024-11-21T00:20:04.790",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-11-03T00:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22646"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017143"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102670-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/20846"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4299"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102670-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29946"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-11-05 16:30
Modified
2024-11-21 01:08
Severity ?
Summary
Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Impacted products
Vendor Product Version
intevydis vulndisco_pack 8.12
sun java_system_web_server 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intevydis:vulndisco_pack:8.12:*:pro:*:*:*:*:*",
              "matchCriteriaId": "C3F52543-008F-4734-B729-932FC554A57B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "C4E1A63C-F6C0-475C-BC3A-AC223E766614",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12.  NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en Sun Java System Web Server v7.0 Update 6 con impacto no especificado y vectores de ataque remoto, como se demuestra por el m\u00f3dulo vd_sjws en VulnDisco Pack Professional v8.12.  NOTA: a la fecha 05/11/2009, no hay ninguna informaci\u00f3n para utilizar esta vulnerabilidad. Sin embargo debido a que el autor de VulnDisco es un investigador reputado, se ha asignado un identificador CVE con el fin de hacerle un seguimiento."
    }
  ],
  "id": "CVE-2009-3878",
  "lastModified": "2024-11-21T01:08:24.750",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-11-05T16:30:00.577",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://intevydis.com/vd-list.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37115"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.intevydis.com/blog/?p=79"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/59497"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3024"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://intevydis.com/vd-list.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.intevydis.com/blog/?p=79"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/59497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54065"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-01-25 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.
Impacted products
Vendor Product Version
sun java_system_web_server 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "C4E1A63C-F6C0-475C-BC3A-AC223E766614",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de formato de cadena en la implementaci\u00f3n de WebDAV en webservd en Sun Java System Web Server v7.0 Update 6, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) y posiblemente tener otro impacto no especificado a trav\u00e9s de especificadores de formato de cadena en el atributo de codificaci\u00f3n (encoding) de la declaraci\u00f3n XML en una petici\u00f3n PROPFIND."
    }
  ],
  "id": "CVE-2010-0388",
  "lastModified": "2024-11-21T01:12:06.850",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-01-25T19:30:01.807",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/37910"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-webdav.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/37910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55812"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-20 20:19
Modified
2024-11-21 00:28
Severity ?
Summary
Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors.
Impacted products
Vendor Product Version
sun java_system_web_server 6.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "El Servidor Web Sun Java System 6.1 anterior al 20070314 permite a usuarios remotos autenticados con certificados de cliente revocados, evitar el control CRL (Lista de Certificados Revocados) y acceder a instancias seguras del servidor web que corren bajo una cuenta diferente de la utilizada por el servidor de administraci\u00f3n mediante vectores sin especificar."
    }
  ],
  "id": "CVE-2007-1526",
  "lastModified": "2024-11-21T00:28:32.010",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-20T20:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/34074"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24531"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102822-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017777"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/34074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102822-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0958"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB26B3D-4DF0-45C2-9ECA-202C829392D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*",
              "matchCriteriaId": "D00790CE-CD77-4C39-80AC-5FBD298DD63A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*",
              "matchCriteriaId": "BC5F2280-EC46-4D2F-8402-FE91ECEE6A1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "57DC2FBE-6556-4113-83BF-ABCAC70CBDE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3DA512F0-B382-407E-B75D-5D2D15E185BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "16727FF1-3CD7-4667-A2BA-2241A3AFEED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F60E165E-5B62-4D46-941D-E84603516D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "FF6BCC24-EADB-4EB8-9142-01D34C307C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "05017BA4-C9FC-4F7D-A5FE-9CE763CFE3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "DCC700F7-8675-441A-8AB7-CEFF84639E7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate."
    }
  ],
  "id": "CVE-2004-2216",
  "lastModified": "2024-11-20T23:52:47.167",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/13072"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101589-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57669-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/11383"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11593"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17941"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/13072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101589-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57669-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/11383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11593"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17941"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-05-20 03:02
Modified
2024-11-21 00:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:*:ur2:enterprise:*:*:*:*:*",
              "matchCriteriaId": "E3CBDF1B-C506-4A89-B597-AFEA98FBDBC9",
              "versionEndIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:*:ur2:standard:*:*:*:*:*",
              "matchCriteriaId": "AA47D452-353D-4108-9350-1A0EC1D2B728",
              "versionEndIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "E24F3990-8090-49AA-B490-B57DF2756791",
              "versionEndIncluding": "6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_application_server:*:update_6:platform:*:*:*:*:*",
              "matchCriteriaId": "948567FB-7B09-42BF-ACFA-A2E04E7BD276",
              "versionEndIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_application_server:*:update_6:standard:*:*:*:*:*",
              "matchCriteriaId": "1A5885D7-8FC7-4BF7-BE07-06CE1C743454",
              "versionEndIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_application_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "352D9910-BC83-44B2-B5C0-59B8F2C23142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_application_server:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F316ECED-A6E3-43AC-BA05-C42F2CB0D830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_application_server:6.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "FA32646E-1014-47D1-9C96-6CD8F0B13480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:platform:*:*:*:*:*",
              "matchCriteriaId": "0F6B3BC6-9A4B-40E7-A540-9BCFC3D02E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:standard:*:*:*:*:*",
              "matchCriteriaId": "9760BDBA-E5FD-4AFF-ACB8-4C8B55CC3A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:*:sp9:*:*:*:*:*:*",
              "matchCriteriaId": "BDAF373D-CB7C-4410-8187-167B79480AA4",
              "versionEndIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "38698A3B-9597-4BC9-B112-BB908C3DE86B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "78587B6D-2A95-4714-9632-4F75CD552E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "279FE555-E290-4B17-855D-781C9B58ED55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "26A8BE1A-082B-4CB5-97D0-7964FBC93572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp8:*:*:*:*:*:*",
              "matchCriteriaId": "3609AA35-6B6A-47A1-B1D4-011B735E0671",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nSun, ONE Web Server, 6.0 SP10 or later\r\nSun, Java System Web Server, 6.1 SP5 or later\r\nSun, ONE Application Server, 7.0 Platform Update 7 or later\r\nSun, ONE Application Server, 7.0 Standard Update 7 or later\r\nSun, Java System Application Server, 7.0 2004Q2 Standard Update 3 or later\r\nSun, Java System Application Server, 7.0 2004Q2 Enterprise Update 3 or later",
  "id": "CVE-2006-2501",
  "lastModified": "2024-11-21T00:11:27.173",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-05-20T03:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://jvn.jp/jp/JVN%2303D5EAA8/index.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20147"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016125"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016126"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/114956"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18035"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1866"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://jvn.jp/jp/JVN%2303D5EAA8/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20147"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/114956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26550"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-07-13 17:30
Modified
2024-11-21 01:04
Severity ?
Summary
Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "DCFD3C8D-6E79-4DA6-A600-D952C8E5A151",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp10:windows:*:*:*:*:*",
              "matchCriteriaId": "A7BDC9E6-87C4-4AE1-AEAD-518CCFF853E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp11:windows:*:*:*:*:*",
              "matchCriteriaId": "BC9F5EA1-0CE5-417E-AE65-F4C47376DEEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:windows:*:*:*:*:*",
              "matchCriteriaId": "A018481B-EB48-4C4E-A1E4-324DCC437441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:windows:*:*:*:*:*",
              "matchCriteriaId": "B0FEC983-91A6-4708-8308-B77B0FD2D9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:windows:*:*:*:*:*",
              "matchCriteriaId": "431D609A-AA61-4C7C-8F4A-8B01DB2E32E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:windows:*:*:*:*:*",
              "matchCriteriaId": "37CBE122-47ED-4659-B15A-55FAF15BA63C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp8:windows:*:*:*:*:*",
              "matchCriteriaId": "E3866A08-0CFA-473D-BBE5-4736282A6446",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp9:windows:*:*:*:*:*",
              "matchCriteriaId": "4541C58C-45F1-4F17-82B9-E33BE693D8DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:update_5:windows:*:*:*:*:*",
              "matchCriteriaId": "5DE90647-CF0D-4920-9F7A-B13572D7D71A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:update_6:windows:*:*:*:*:*",
              "matchCriteriaId": "C705F770-5086-4926-A110-A32D4170B8A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI."
    },
    {
      "lang": "es",
      "value": "iPlanet Web Server de Oracle (anteriormente Sun Java System Web Server o Sun ONE Web Server) versi\u00f3n 6.1 anterior a SP12, y versi\u00f3n 7.0 hasta Update 6, cuando se ejecutan en Windows, permite a los atacantes remotos leer archivos JSP arbitrarios por medio de una sintaxis de flujo de datos alternativa, como es demostrado por un URI .jsp::$DATA."
    }
  ],
  "id": "CVE-2009-2445",
  "lastModified": "2024-11-21T01:04:53.333",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-07-13T17:30:00.187",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://isowarez.de/SunOne_Webserver.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://jvn.jp/en/jp/JVN47124169/index.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35701"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1022511"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/55655"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://isowarez.de/SunOne_Webserver.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN47124169/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35701"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1022511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/55655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1786"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-16 21:19
Modified
2024-11-21 00:28
Severity ?
Summary
Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "57DC2FBE-6556-4113-83BF-ABCAC70CBDE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp10:*:*:*:*:*:*",
              "matchCriteriaId": "4537E2AF-3E9F-40F2-8D20-CEFD2FF289C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3DA512F0-B382-407E-B75D-5D2D15E185BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "16727FF1-3CD7-4667-A2BA-2241A3AFEED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F60E165E-5B62-4D46-941D-E84603516D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "FF6BCC24-EADB-4EB8-9142-01D34C307C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "05017BA4-C9FC-4F7D-A5FE-9CE763CFE3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "DCC700F7-8675-441A-8AB7-CEFF84639E7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp8:*:*:*:*:*:*",
              "matchCriteriaId": "7BE04EB1-CDBD-4AA2-9513-826637F14771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp9:*:*:*:*:*:*",
              "matchCriteriaId": "EBD38B0A-EB9B-4556-B6DE-A7598ACC04AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "C878B2FD-88A1-44E2-9234-C40CA1DDC5BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "BABE9BB1-E968-4EC9-A13A-6ECBCDC0D9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "B6606659-59FE-4E17-9643-2267223DE6F8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to \"gain unauthorized access to data\", possibly involving a sample application."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en Sun Java System Web Server versiones 6.0 y 6.1 anterior a 20070315, permite a atacantes remotos \"gain unauthorized access to data\", lo que posiblemente involucre una aplicaci\u00f3n de muestra."
    }
  ],
  "id": "CVE-2007-1488",
  "lastModified": "2024-11-21T00:28:26.217",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-16T21:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/34080"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24545"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102833-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/22993"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017788"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0972"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/34080"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24545"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102833-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/22993"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017788"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0972"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33016"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2000-07-12 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.
Impacted products
Vendor Product Version
sun java_system_web_server 1.1.3
sun java_system_web_server 2.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8812EC0B-E426-43D7-9E2B-542CAAAB0D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8894D1-5147-4065-AA67-ECFE676ED899",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet."
    }
  ],
  "id": "CVE-2000-0629",
  "lastModified": "2024-11-20T23:32:56.277",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-07-12T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0163.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/1459"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.sun.com/software/jwebserver/faq/jwsca-2000-02.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0163.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/1459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.sun.com/software/jwebserver/faq/jwsca-2000-02.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-08-07 10:17
Modified
2024-11-21 00:34
Severity ?
Summary
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "C878B2FD-88A1-44E2-9234-C40CA1DDC5BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "BABE9BB1-E968-4EC9-A13A-6ECBCDC0D9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "B6606659-59FE-4E17-9643-2267223DE6F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "9BC77D08-B591-4824-AC47-F14F4F53C63D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFAA741F-6B77-44E5-8B84-AB5E49901BD1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n CRLF (retorno de carro y nueva l\u00ednea) en la funcionalidad de redirecci\u00f3n de Sun Java System Web Server 6.1 y 7.0 anterior al 02/08/2007, cuando la Funci\u00f3n de Aplicaci\u00f3n de Servidor (SAF) redirect usa el par\u00e1metro url-prefix y escape est\u00e1 deshabilitado, o una directiva de Error usa el par\u00e1metro url-prefix en obj.conf, permite a atacantes remotos inyectar cabeceras HTTP de su elecci\u00f3n y llevar a cabo ataques de divisi\u00f3n de respuesta HTTP."
    }
  ],
  "id": "CVE-2007-4164",
  "lastModified": "2024-11-21T00:34:56.103",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-07T10:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26326"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103003-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/25190"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018504"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2766"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103003-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/25190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35783"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-12-28 21:46
Modified
2024-11-21 00:40
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D36EE342-0A55-4F2E-9037-14C0975CEA9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "DD35DA64-83B8-4EF4-94E8-D692E6FDD0AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp10:*:*:*:*:*:*",
              "matchCriteriaId": "072BE21F-E09B-4087-83A0-44E9570AF6A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "BB5D85FB-D4A6-4518-BBD9-8D021446E433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A1102A86-8FB6-418E-808E-A6B94016E0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "E6A1EC8B-311D-4D34-A669-FF52B29BB5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "66EA6738-9134-402C-AA74-68298F45B60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "4AB54F05-CBE0-4A3B-9941-A5509BF40EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "BBA027B0-8996-4CBF-881D-D393C3508944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp8:*:*:*:*:*:*",
              "matchCriteriaId": "B53D14F8-67E5-480F-A87F-CCBCDA6F62E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp9:*:*:*:*:*:*",
              "matchCriteriaId": "B71E5861-FC0F-4FEC-AFE5-11F00A1D608E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB8D89B7-2C74-4CDC-8708-D9FACC4DE7C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "927171C0-E754-4FC1-AA9F-6565ADE2B63D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FA1C4E0-1EB0-4CDE-90D5-1A600BCBA93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC07AB3E-09D4-47B2-B065-8E5A73775982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EB8961-9F4D-498D-B2C7-421175F8FE72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B4BC20-945E-4F5E-A850-AE9BC30119F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "57DC2FBE-6556-4113-83BF-ABCAC70CBDE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp10:*:*:*:*:*:*",
              "matchCriteriaId": "4537E2AF-3E9F-40F2-8D20-CEFD2FF289C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3DA512F0-B382-407E-B75D-5D2D15E185BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "16727FF1-3CD7-4667-A2BA-2241A3AFEED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F60E165E-5B62-4D46-941D-E84603516D23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "FF6BCC24-EADB-4EB8-9142-01D34C307C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "05017BA4-C9FC-4F7D-A5FE-9CE763CFE3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "DCC700F7-8675-441A-8AB7-CEFF84639E7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp8:*:*:*:*:*:*",
              "matchCriteriaId": "7BE04EB1-CDBD-4AA2-9513-826637F14771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp9:*:*:*:*:*:*",
              "matchCriteriaId": "EBD38B0A-EB9B-4556-B6DE-A7598ACC04AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "C878B2FD-88A1-44E2-9234-C40CA1DDC5BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "BABE9BB1-E968-4EC9-A13A-6ECBCDC0D9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "B6606659-59FE-4E17-9643-2267223DE6F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "9BC77D08-B591-4824-AC47-F14F4F53C63D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFAA741F-6B77-44E5-8B84-AB5E49901BD1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Sun Java System Web Server 6.1 anterior al SP8 y 7.0 anterior al Update 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como BugID 6566204."
    }
  ],
  "id": "CVE-2007-6572",
  "lastModified": "2024-11-21T00:40:28.520",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-12-28T21:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28216"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26978"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4313"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43978"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-01-20 16:30
Modified
2024-11-21 01:12
Severity ?
Summary
Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.
Impacted products
Vendor Product Version
sun java_system_web_server 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "38180D34-4B12-4095-B849-8D46B58AAFDF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an \"overflow.\" NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273."
    },
    {
      "lang": "es",
      "value": "Sun Java System Web Server (tambi\u00e9n conocido como SJWS) 7.0 actualizaci\u00f3n 7 permite a atacantes remotos sobrescribir localizaciones de memoria en la memoria din\u00e1mica (heap), y descubrir los contenidos de las localizaciones de memoria, a trav\u00e9s de una petici\u00f3n malformada \"HTTP TRACE\" que incluye una URI larga y muchos encabezamientos vac\u00edos, relacionados con un \"desbordamiento.\" NOTA: Esta vulnerabilidad podr\u00eda superponerse con CVE-2010-0272 y CVE-2010-0273."
    }
  ],
  "id": "CVE-2010-0360",
  "lastModified": "2024-11-21T01:12:03.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-01-20T16:30:00.557",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://intevydis.com/vd-list.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-trace.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://intevydis.com/vd-list.shtml"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-01-25 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header.
Impacted products
Vendor Product Version
sun java_system_web_server 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "38180D34-4B12-4095-B849-8D46B58AAFDF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an \"Authorization: Digest\" HTTP header."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basado en memoria din\u00e1mica (heap) en el webservd y el admin server en Sun Java System Web Server v7.0 Update 7, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) y posiblemente tener otro impacto a trav\u00e9s de una cadena larga en la cabecera HTTP \"Authorization: Digest\"."
    }
  ],
  "id": "CVE-2010-0387",
  "lastModified": "2024-11-21T01:12:06.710",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-01-25T19:30:01.760",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-digest.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-January/006014.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1023488"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/37896"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-digest.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.immunitysec.com/pipermail/dailydave/2010-January/006014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/37896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55792"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-06-05 16:00
Modified
2024-11-21 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.
Impacted products
Vendor Product Version
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun java_system_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1
sun one_web_server 6.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp10:aix:*:*:*:*:*",
              "matchCriteriaId": "C432A6A6-E063-49F5-9784-0E34B5F843EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:aix:*:*:*:*:*",
              "matchCriteriaId": "389FD567-59F5-47C3-B000-E916357889DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:aix:*:*:*:*:*",
              "matchCriteriaId": "A58B50D0-CBEA-43D5-9537-E9418B13CDA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:aix:*:*:*:*:*",
              "matchCriteriaId": "131D4D0F-D73B-434A-845E-9788EE48915B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:aix:*:*:*:*:*",
              "matchCriteriaId": "698DCBEF-41C5-474E-BE60-0BC285A89B18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp8:aix:*:*:*:*:*",
              "matchCriteriaId": "D0518BE3-1E9A-4974-9805-E70CB95ADC40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp9:aix:*:*:*:*:*",
              "matchCriteriaId": "A53CE597-7827-4BDD-A922-23829485A1E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:*:aix:*:*:*:*:*",
              "matchCriteriaId": "566250FE-D1E1-43CE-9255-99B8AC1FD0EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:aix:*:*:*:*:*",
              "matchCriteriaId": "9A6494E5-72D1-43E0-ABEE-16D23D167801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp2:aix:*:*:*:*:*",
              "matchCriteriaId": "1AD96005-4158-4962-BD8E-3CED7CF3E900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp3:aix:*:*:*:*:*",
              "matchCriteriaId": "725A8D67-7742-4BE2-AADE-E76BC880A9E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp10:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "43511DA8-A07B-4927-9FB2-CF2429BC50C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "F84E3EFA-4013-4538-A32B-59B4EE874D4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "2E956D83-8463-4A5C-9D7F-CED9A43E3C62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "84E5E3A8-1938-4CB4-9673-196F4E6D37C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "E2281A43-3C8D-470F-8F95-B63AA5F27BB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp8:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "98952019-7F68-4A6B-810C-829A82A472E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp9:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "4E3A50B8-050E-401E-8B7C-700B3B478FFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:*:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "92F78B4D-89AC-4941-9E32-8FD21F3DC9C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "B80D8913-987A-4316-BC53-16236B4356F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp2:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "3E69834C-A381-4AC6-B42E-F19E199D5A93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp3:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "57A273B7-CDB6-4F47-AFE3-3864DCC01E4A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp10:linux:*:*:*:*:*",
              "matchCriteriaId": "99520DA9-10F0-43E8-8A77-2FDA676922C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:linux:*:*:*:*:*",
              "matchCriteriaId": "5165C493-78EC-44FC-9401-4BC9BB4D857B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:linux:*:*:*:*:*",
              "matchCriteriaId": "7A4F803A-14B6-47FB-92C6-7E4BE435A2C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:linux:*:*:*:*:*",
              "matchCriteriaId": "7276CA8E-4DEC-4B84-8D3B-1F59AE192987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:linux:*:*:*:*:*",
              "matchCriteriaId": "9CE812CB-48A5-44AB-AB92-420C1F9B8396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp8:linux:*:*:*:*:*",
              "matchCriteriaId": "8C227B78-F34D-48B3-B150-EA91B6CA74FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp9:linux:*:*:*:*:*",
              "matchCriteriaId": "1004FBF0-AD2A-45A0-A4D7-E24EFC41A558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:*:linux:*:*:*:*:*",
              "matchCriteriaId": "88A61895-37FC-462F-928D-65BF02A0676D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:linux:*:*:*:*:*",
              "matchCriteriaId": "DE360D60-0894-4E3F-AE2A-A135C4382D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp2:linux:*:*:*:*:*",
              "matchCriteriaId": "361DF0F9-1808-495E-8189-BFBC3AD082F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp3:linux:*:*:*:*:*",
              "matchCriteriaId": "2DD5222B-BFF5-4FFF-BD91-5B2CBDE14312",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp10:windows:*:*:*:*:*",
              "matchCriteriaId": "A7BDC9E6-87C4-4AE1-AEAD-518CCFF853E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:windows:*:*:*:*:*",
              "matchCriteriaId": "A018481B-EB48-4C4E-A1E4-324DCC437441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:windows:*:*:*:*:*",
              "matchCriteriaId": "B0FEC983-91A6-4708-8308-B77B0FD2D9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:windows:*:*:*:*:*",
              "matchCriteriaId": "431D609A-AA61-4C7C-8F4A-8B01DB2E32E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:windows:*:*:*:*:*",
              "matchCriteriaId": "37CBE122-47ED-4659-B15A-55FAF15BA63C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp8:windows:*:*:*:*:*",
              "matchCriteriaId": "E3866A08-0CFA-473D-BBE5-4736282A6446",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp9:windows:*:*:*:*:*",
              "matchCriteriaId": "4541C58C-45F1-4F17-82B9-E33BE693D8DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "3B3825DF-E190-4B15-8160-CAFACDDE7686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:windows:*:*:*:*:*",
              "matchCriteriaId": "91B10E76-4D66-42B2-BC3B-86F158078CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp2:windows:*:*:*:*:*",
              "matchCriteriaId": "D2311610-C676-4F41-8F64-224C074C8295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp3:windows:*:*:*:*:*",
              "matchCriteriaId": "A3C45222-B840-446B-ADF3-08C09A8B52CE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp10:sparc:*:*:*:*:*",
              "matchCriteriaId": "A280F4D8-13D9-407B-A5C7-E85D7E83A142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:sparc:*:*:*:*:*",
              "matchCriteriaId": "348671B8-279F-426B-A00B-5948297EDFFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:sparc:*:*:*:*:*",
              "matchCriteriaId": "45088B1A-D4C7-4FA9-AE39-5B0D2941A8AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:sparc:*:*:*:*:*",
              "matchCriteriaId": "55BC4F3F-51D0-432A-96D5-65C7599F9832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:sparc:*:*:*:*:*",
              "matchCriteriaId": "C434356D-DAB3-4B78-B1D2-AEB8EC69CE32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp8:sparc:*:*:*:*:*",
              "matchCriteriaId": "300FA553-5FE3-4036-B80B-C4806C865660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp9:sparc:*:*:*:*:*",
              "matchCriteriaId": "D35923A0-BF2C-400F-BE43-A13B67E4ED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "4DB66630-4A2A-44F2-971C-3B353F687868",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:sparc:*:*:*:*:*",
              "matchCriteriaId": "CB79BECF-1413-438F-9741-CC3BE256E1C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp2:sparc:*:*:*:*:*",
              "matchCriteriaId": "ACAFC237-58BC-4CB1-948C-A2D9B3742809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp3:sparc:*:*:*:*:*",
              "matchCriteriaId": "4B0293BA-6694-4FD0-93FE-7F674AA2A604",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp10:x86:*:*:*:*:*",
              "matchCriteriaId": "80CB7673-2A98-434B-99A3-24DB4686CDE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:x86:*:*:*:*:*",
              "matchCriteriaId": "6BBCB1B9-965D-41C9-81A4-A7470AE46D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp48:x86:*:*:*:*:*",
              "matchCriteriaId": "B2F944E7-F894-42D8-8167-BCC2DEE10BC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:x86:*:*:*:*:*",
              "matchCriteriaId": "09FB3270-1242-4EE9-86B7-7B841DEF2533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:x86:*:*:*:*:*",
              "matchCriteriaId": "70901AC0-E2E5-4C8C-B903-105AF7528D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:x86:*:*:*:*:*",
              "matchCriteriaId": "440814EC-4215-4ACB-912F-DA75C5CD1AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp9:x86:*:*:*:*:*",
              "matchCriteriaId": "17466643-0B26-4D65-B2FD-C958D906BE91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:*:x86:*:*:*:*:*",
              "matchCriteriaId": "DF9C742B-C0C4-46D5-A7DA-025852069BE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:x86:*:*:*:*:*",
              "matchCriteriaId": "3378607F-5EF7-4C11-8254-6A44A03B8BC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp2:x86:*:*:*:*:*",
              "matchCriteriaId": "7ACFC436-5A5C-4E31-957F-ED5127ECDB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp3:x86:*:*:*:*:*",
              "matchCriteriaId": "D5E51FAA-1DD4-478F-B439-D344C33AE355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Reverse Proxy Plug-in en Sun Java System Web Server v6.1 anterior a SP11, permite a atacantes remotos la inyecci\u00f3n de c\u00f3digo web y HTML de su elecci\u00f3n a trav\u00e9s de una consulta de cadena en situaciones resultantes de un error \"502 Gateway\"."
    }
  ],
  "id": "CVE-2009-1934",
  "lastModified": "2024-11-21T01:03:43.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-05T16:00:00.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/54872"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35338"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/35204"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1022334"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/1500"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50951"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35338"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50951"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-08-07 19:00
Modified
2024-11-21 01:05
Severity ?
Summary
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_sparc:*:*:*:*:*",
              "matchCriteriaId": "8ED84EE5-2C53-4A8E-98B7-4F9181D4E192",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_sparc:*:*:*:*:*",
              "matchCriteriaId": "BF718ABC-42C7-4FE1-82A0-00F3506F1D42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_sparc:*:*:*:*:*",
              "matchCriteriaId": "F590A1DC-7E1B-44CF-83D2-3FEDA91765C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_sparc:*:*:*:*:*",
              "matchCriteriaId": "28F24915-078C-4E4B-B173-671F0ABF9656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_sparc:*:*:*:*:*",
              "matchCriteriaId": "CAABA44E-5FD1-4B71-A4DE-9DC671DD8223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_sparc:*:*:*:*:*",
              "matchCriteriaId": "2A857F82-4146-48E9-8568-19393AC3856B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_sparc:*:*:*:*:*",
              "matchCriteriaId": "B56B9BD3-2708-46C3-850D-865599F88BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_sparc:*:*:*:*:*",
              "matchCriteriaId": "B6391170-5831-4303-85E5-A51BB431E788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_sparc:*:*:*:*:*",
              "matchCriteriaId": "745D8651-B97C-48A9-AE4F-603A34516919",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_x86:*:*:*:*:*",
              "matchCriteriaId": "B0617E1B-FE70-442E-AEE6-BACC8515F005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_x86:*:*:*:*:*",
              "matchCriteriaId": "D2BC5828-0EF1-4640-91BF-9CC1E5FC6243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_x86:*:*:*:*:*",
              "matchCriteriaId": "9096D748-9527-4061-8106-526741831F35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_x86:*:*:*:*:*",
              "matchCriteriaId": "AD06B92E-C23C-4648-A585-14FC54538FA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_x86:*:*:*:*:*",
              "matchCriteriaId": "4930E838-993A-4DA1-B504-4675EE20CF69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_x86:*:*:*:*:*",
              "matchCriteriaId": "2D28C8EF-7525-48A0-A13A-EA95479A3B35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_x86:*:*:*:*:*",
              "matchCriteriaId": "207157F9-0AE4-45FB-A3DC-90C1F6E5376E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_x86:*:*:*:*:*",
              "matchCriteriaId": "9E8B1333-125A-44F7-A6C3-4B04D3FC9A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_x86:*:*:*:*:*",
              "matchCriteriaId": "92BC8B61-3F58-43B3-9756-616376D4D2DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_linux:*:*:*:*:*",
              "matchCriteriaId": "B9D7AA3C-6565-4291-A76F-3BE9311B77F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_linux:*:*:*:*:*",
              "matchCriteriaId": "95ADB790-EF2D-4613-9F69-F37401518511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_linux:*:*:*:*:*",
              "matchCriteriaId": "9E64CD07-4AF7-49C4-A3C0-EE2BF9E067A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_linux:*:*:*:*:*",
              "matchCriteriaId": "D8C9CC43-EFB5-4192-81F2-0373961A7078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_linux:*:*:*:*:*",
              "matchCriteriaId": "479657F1-8950-4C6C-9CD2-5FE3DF235E24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_linux:*:*:*:*:*",
              "matchCriteriaId": "6F238642-873A-4A50-BF14-6B173A20A36D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_linux:*:*:*:*:*",
              "matchCriteriaId": "3DA96674-2050-4686-A592-F450655073E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_linux:*:*:*:*:*",
              "matchCriteriaId": "5382933D-E32D-47F5-8892-65B94E06BD15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_linux:*:*:*:*:*",
              "matchCriteriaId": "644C3EA4-607C-42E7-805B-8F2EF6AF694E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:windows:*:*:*:*:*",
              "matchCriteriaId": "B7821A43-2549-4B75-A201-95A3AC58E8BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "36C5F1CB-FEDE-4C19-B056-C846C86FDE8E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "134929FE-2EBA-4B55-904F-111A658160F3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:war:*:*:*:*:*",
              "matchCriteriaId": "72304F6F-83F9-4207-93D9-6886AD9E88A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:opensso_enterprise:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D05F3A1-C5F3-43CA-9150-17FE55A89A30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files."
    },
    {
      "lang": "es",
      "value": "Sun Java System Access Manager v6.3 2005Q1, v7.0 2005Q4, y v7.1; y OpenSSO Enterprise v8.0;  cuando AMConfig.properties permite a la marca de depuraci\u00f3n, permite a los usuarios locales descubrir contrase\u00f1as en texto claro mediante la lectura de archivos de depuraci\u00f3n."
    }
  ],
  "id": "CVE-2009-2712",
  "lastModified": "2024-11-21T01:05:34.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-08-07T19:00:01.110",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/56815"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36169"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/35963"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/2177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/56815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35963"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/2177"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-12-04 11:28
Modified
2024-11-21 00:22
Severity ?
Summary
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.
References
cve@mitre.org http://secunia.com/advisories/23186 Broken Link
cve@mitre.org http://securitytracker.com/id?1017322 Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org http://securitytracker.com/id?1017323 Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org http://securitytracker.com/id?1017324 Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1 Broken Link, Patch
cve@mitre.org http://www.securityfocus.com/bid/21371 Broken Link, Patch, Third Party Advisory, VDB Entry
cve@mitre.org http://www.vupen.com/english/advisories/2006/4793 Broken Link
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/30662 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/23186 Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1017322 Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1017323 Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1017324 Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1 Broken Link, Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/21371 Broken Link, Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2006/4793 Broken Link
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/30662 Third Party Advisory, VDB Entry



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB26B3D-4DF0-45C2-9ECA-202C829392D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "721D0068-2664-4E92-9D96-9007F2120450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9134A420-1A6E-48C0-A6CE-5AE555FC0D94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D36EE342-0A55-4F2E-9037-14C0975CEA9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB8D89B7-2C74-4CDC-8708-D9FACC4DE7C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BB3993-C089-421F-987E-D6294E8C909E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de contrabando de petici\u00f3n HTTP en Sun Java System Proxy Server anterior al 30/11/2006, cuando se usa con Sun Java System Application Server o Sun Java System Web Server, permite a atacantes remotos evitar el filtrado de petici\u00f3n HTTP, secuestrar sesiones web, realizar ataques de secuencias de comandos en sitios cruzados (XSS), y falsear la cach\u00e9 web mediante vectores de ataque no especificados."
    }
  ],
  "id": "CVE-2006-6276",
  "lastModified": "2024-11-21T00:22:19.533",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-12-04T11:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/23186"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017322"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017323"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017324"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/21371"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4793"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/23186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/21371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-01-20 16:30
Modified
2024-11-21 01:12
Severity ?
Summary
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.
Impacted products
Vendor Product Version
sun java_system_web_server 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "38180D34-4B12-4095-B849-8D46B58AAFDF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en la implementaci\u00f3n WebDAV en webservd en Sun Java System Web Server (tambi\u00e9n conocido como SJWS) 7.0 actualizaci\u00f3n 7 permite a atacantes remotos producir una denegaci\u00f3n de servicio (ca\u00edda de demonio) y posiblemente conseguir un impacto sin especificar a trav\u00e9s de una URI larga en la petici\u00f3n \"HTTP OPTIONS\""
    }
  ],
  "id": "CVE-2010-0361",
  "lastModified": "2024-11-21T01:12:03.407",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-01-20T16:30:00.587",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-webdav.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70u7-webdav.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-05-09 15:20
Modified
2024-11-21 00:46
Severity ?
Summary
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B4BBA10-5199-45B0-9288-4DD492D8D9CE",
              "versionEndIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:*:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "CA9A7000-7E63-472C-9D60-0BEA4D775A4E",
              "versionEndIncluding": "6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFAA741F-6B77-44E5-8B84-AB5E49901BD1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Java System Application Server versi\u00f3n 7 2004Q2 anterior a Update 6, Web Server versi\u00f3n 6.1 anterior a SP8 y Web Server versi\u00f3n 7.0 anterior a Update 1 permite a atacantes remotos obtener el c\u00f3digo fuente de los ficheros JSP mediante vectores no conocidos."
    }
  ],
  "id": "CVE-2008-2120",
  "lastModified": "2024-11-21T00:46:08.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-05-09T15:20:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30122"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/29088"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019985"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019986"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1457/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/29088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019985"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1457/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42266"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-06-03 14:32
Modified
2024-11-21 00:47
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "C878B2FD-88A1-44E2-9234-C40CA1DDC5BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "BABE9BB1-E968-4EC9-A13A-6ECBCDC0D9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "B6606659-59FE-4E17-9643-2267223DE6F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "9BC77D08-B591-4824-AC47-F14F4F53C63D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp8:*:*:*:*:*:*",
              "matchCriteriaId": "F79805E6-ED7E-4BD1-9A2F-2D3B23B05981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFAA741F-6B77-44E5-8B84-AB5E49901BD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "F44ABA9C-D281-4C9D-A313-013F82E5BFB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "60712BCA-1AE2-4F19-B8EF-462A1F0BDED3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el mecanismo de b\u00fasqueda avanzada (webapps/search/advanced.jsp) de Sun Java System Web Server 6.1 versiones anteriores a SP9 y 7.0 versiones anteriores a  Update 3 permite a atacantes remotos inyectar web script o HTML a trav\u00e9s de vectores no especificados, probablemente relacionados al par\u00e1metro next."
    }
  ],
  "id": "CVE-2008-2518",
  "lastModified": "2024-11-21T00:47:03.440",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-06-03T14:32:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30381"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236481-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/29355"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020110"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1649/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236481-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1649/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42624"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2000-11-14 05:00
Modified
2024-11-20 23:33
Severity ?
Summary
The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoking the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FF95716-6357-4F5D-A6C4-79EE8E3C49E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8812EC0B-E426-43D7-9E2B-542CAAAB0D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:1.1_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "454CFAE0-1FA0-4E25-8E2E-93E289CCF3EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8894D1-5147-4065-AA67-ECFE676ED899",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoking the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag."
    }
  ],
  "id": "CVE-2000-0812",
  "lastModified": "2024-11-20T23:33:20.653",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-11-14T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/197\u0026type=0\u0026nav=sec.sba"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/1600"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/templates/advisory.html?id=2542"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/197\u0026type=0\u0026nav=sec.sba"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/1600"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/templates/advisory.html?id=2542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5135"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-01-08 17:30
Modified
2024-11-21 01:11
Severity ?
Summary
Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Impacted products
Vendor Product Version
sun java_system_web_server 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:update_6:linux:*:*:*:*:*",
              "matchCriteriaId": "44DAF413-DA16-4805-A73F-C4752FE6195C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco.  NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en Sun Java System Web Server v7.0 Update v6 en Linux permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n enviando una direcci\u00f3n del proceso de memoria y datos manipulados al puerto 80 TCP, como se ha demostrado en el m\u00f3dulo vd_sjws2 en VulnDisco. NOTA: A fecha 06/01/2010 esta vulnerabilidad no contiene informaci\u00f3n determinante. Sin embargo, debido a que el autor de VulnDisco es un investigador reconocido, se le ha asignado un identificador CVE con el objetivo de realizar el seguimiento."
    }
  ],
  "id": "CVE-2010-0273",
  "lastModified": "2024-11-21T01:11:52.937",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-01-08T17:30:02.410",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://intevydis.com/sjws_demo.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.intevydis.com/blog/?p=102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://intevydis.com/sjws_demo.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.intevydis.com/blog/?p=102"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-01-25 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token.
Impacted products
Vendor Product Version
sun java_system_web_server 7.0
sun java_system_web_server 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "C4E1A63C-F6C0-475C-BC3A-AC223E766614",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "38180D34-4B12-4095-B849-8D46B58AAFDF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token."
    },
    {
      "lang": "es",
      "value": "El admin server en Sun Java System Web Server v7.0 Update 6, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia de puntero NULL y ca\u00edda de demonio) a trav\u00e9s de una petici\u00f3n HTTP a la que le falta el token de m\u00e9todo."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/slices/2000.html\r\n\r\nCWE-476 NULL Pointer Dereference",
  "id": "CVE-2010-0389",
  "lastModified": "2024-11-21T01:12:06.983",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-01-25T19:30:01.840",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://intevydis.blogspot.com/2010/01/sun-java-system-web-server-70-admin.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-01-08 17:30
Modified
2024-11-21 01:11
Severity ?
Summary
Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Impacted products
Vendor Product Version
sun java_system_web_server 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:update_6:linux:*:*:*:*:*",
              "matchCriteriaId": "44DAF413-DA16-4805-A73F-C4752FE6195C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco.  NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en Sun Java System Web Server v7.0 Update v6 en Linux permite a atacantes remotos descubrir localizaciones del proceso de memoria a trav\u00e9s de informaci\u00f3n manipulada en el puerto 80 TCP, como se ha demostrado en el m\u00f3dulo vd_sjws2 en VulnDisco. NOTA: A fecha 06/01/2010 esta vulnerabilidad no contiene informaci\u00f3n determinante. Sin embargo, debido a que el autor de VulnDisco es un investigador reconocido, se le ha asignado un identificador CVE con el objetivo de realizar el seguimiento."
    }
  ],
  "id": "CVE-2010-0272",
  "lastModified": "2024-11-21T01:11:52.813",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-01-08T17:30:02.380",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://intevydis.com/sjws_demo.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.intevydis.com/blog/?p=102"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55527"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://intevydis.com/sjws_demo.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.intevydis.com/blog/?p=102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55527"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-05-13 20:20
Modified
2024-11-21 00:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:aix:*:*:*:*:*",
              "matchCriteriaId": "E8E7D327-AB45-4DDC-A6B5-4A413B76440F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "5318A317-0981-4A5D-9468-50E08219312B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:linux:*:*:*:*:*",
              "matchCriteriaId": "A695E901-4FFF-4660-B49E-D7CB139536D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "24754087-DC84-4B0B-BBDE-70D288AFC901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "DCFD3C8D-6E79-4DA6-A600-D952C8E5A151",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:x86:*:*:*:*:*",
              "matchCriteriaId": "16E496C0-438E-4262-A54B-3CB69C4A88C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:hp_ux:*:*:*:*:*",
              "matchCriteriaId": "134929FE-2EBA-4B55-904F-111A658160F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:linux:*:*:*:*:*",
              "matchCriteriaId": "4AB42DB5-10BA-454E-A9F5-A0581BD21FA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "53671389-3822-41CD-ABC9-DC19871579AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:windows:*:*:*:*:*",
              "matchCriteriaId": "F69C48CB-A038-431D-ABE4-A216E5283266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:x86:*:*:*:*:*",
              "matchCriteriaId": "6EEB898B-0036-4B7B-B15A-595487D09D72",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el M\u00f3dulo de b\u00fasqueda de Sun Java System Web Server 6.1 anterior a SP9 y 7.0 previo a la Update 2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de par\u00e1metros desconocidos en index.jsp."
    }
  ],
  "id": "CVE-2008-2166",
  "lastModified": "2024-11-21T00:46:14.087",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-05-13T20:20:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30133"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231467-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/29087"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securitytracker.com/id?1019987"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1455/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231467-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/29087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securitytracker.com/id?1019987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1455/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42263"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}