All the vulnerabilites related to sun - one_web_server
Vulnerability from fkie_nvd
Published
2010-02-25 19:30
Modified
2024-11-20 23:47
Severity ?
Summary
Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "38698A3B-9597-4BC9-B112-BB908C3DE86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "78587B6D-2A95-4714-9632-4F75CD552E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "279FE555-E290-4B17-855D-781C9B58ED55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en Sun ONE (tambi\u00e9n conocido como iPlanet) Web Server v6.0 SP3 a SP5 sobre Windows, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2003-1590",
"lastModified": "2024-11-20T23:47:31.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-25T19:30:00.360",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201451-1"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201451-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56615"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-25 19:30
Modified
2024-11-20 23:47
Severity ?
Summary
Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33621D67-8191-42EE-8859-8B5FC30F935A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0C6F8563-701E-4E54-A0C9-67E9DF74D60D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*",
"matchCriteriaId": "4022E5C6-5651-45DD-AF73-89CF38E71D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*",
"matchCriteriaId": "EEF4CFCE-DEEC-4652-A96F-0C7B5A88175A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp12:*:*:*:*:*:*",
"matchCriteriaId": "873034EA-B3C6-43E6-AE98-A04598D9A392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AE01BAC9-DC57-4BC8-9BFB-9C7C94A516A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1CEA91AD-443D-4856-AC7A-3DDE0791134D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "07C1D4DC-252A-4602-A916-32E51CCA75B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "526D2FAD-4241-412C-8863-B273D3733153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "B8A796CB-D675-49FC-98BA-4D527211C70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*",
"matchCriteriaId": "8693959B-7D5D-414B-8660-2A693AF24541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*",
"matchCriteriaId": "1BDC4A06-33A1-4619-B870-7F2AF1D332F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*",
"matchCriteriaId": "8A445032-AD7B-4971-B175-DF3183A4A12C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6EF410-9D8F-4C94-8636-93D455E0C072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "8CA92E60-8D25-4BA0-8C71-7A271439DEDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A968709C-2B0B-423B-8A75-61D301DE7398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "38698A3B-9597-4BC9-B112-BB908C3DE86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "78587B6D-2A95-4714-9632-4F75CD552E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "279FE555-E290-4B17-855D-781C9B58ED55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en Sun ONE (aka iPlanet) Web Server v4.1 anteriores a SP13 y v6.0 anteriores SP6 sobre Windows permite a atacantes producir una denegaci\u00f3n de servicio (ca\u00edda de demonio) a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2003-1589",
"lastModified": "2024-11-20T23:47:31.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-25T19:30:00.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201454-1"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201454-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56616"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-05 22:30
Modified
2024-11-20 23:47
Severity ?
Summary
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | one_web_server | * | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | * | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:one_web_server:*:sp12:*:*:*:*:*:*",
"matchCriteriaId": "B96D0FA5-9288-4B6D-8D81-C892FE8CCBE0",
"versionEndIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33621D67-8191-42EE-8859-8B5FC30F935A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0C6F8563-701E-4E54-A0C9-67E9DF74D60D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*",
"matchCriteriaId": "4022E5C6-5651-45DD-AF73-89CF38E71D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*",
"matchCriteriaId": "EEF4CFCE-DEEC-4652-A96F-0C7B5A88175A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AE01BAC9-DC57-4BC8-9BFB-9C7C94A516A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1CEA91AD-443D-4856-AC7A-3DDE0791134D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "07C1D4DC-252A-4602-A916-32E51CCA75B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "526D2FAD-4241-412C-8863-B273D3733153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "B8A796CB-D675-49FC-98BA-4D527211C70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*",
"matchCriteriaId": "8693959B-7D5D-414B-8660-2A693AF24541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*",
"matchCriteriaId": "1BDC4A06-33A1-4619-B870-7F2AF1D332F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*",
"matchCriteriaId": "8A445032-AD7B-4971-B175-DF3183A4A12C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:one_web_server:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "404F6586-4E74-40CE-B579-945D21FC4AB0",
"versionEndIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6EF410-9D8F-4C94-8636-93D455E0C072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "8CA92E60-8D25-4BA0-8C71-7A271439DEDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A968709C-2B0B-423B-8A75-61D301DE7398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "38698A3B-9597-4BC9-B112-BB908C3DE86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "78587B6D-2A95-4714-9632-4F75CD552E7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a \"format=\" substring, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue."
},
{
"lang": "es",
"value": "Sun ONE (conocido tambi\u00e9n como iPlanet) Web Server v4.1 hasta SP12 y v6.0 hasta SP5, cuando la resoluci\u00f3n DNS est\u00e1 activada para direcciones IP de clientes, permite a atacantes remotos ocultar peticiones HTTP desde la funcionalidad log-preview por acompa\u00f1amiento de peticiones con respuestas DNS manipuladas especificando un nombre de dominio que empieza por la subcadena cadena \"format=\", relacionado con el tema \"Inverse Lookup Log Corruption (ILLC)\".\r\n\r\n\r\n"
}
],
"id": "CVE-2003-1578",
"lastModified": "2024-11-20T23:47:29.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-05T22:30:01.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/313867"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/7012"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/313867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/7012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56633"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44E0E1D0-F71C-4A3F-B3EE-97B299EF2AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47CD4C15-02C8-42F2-9AF3-E44F74DE62B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DDE473-7A61-46AD-9D3B-CA299928FD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "046596DB-57EB-4354-A79E-B3B1D5B4DD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0755B957-CB78-4B8E-9CFE-D53389789ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "17D292FA-E062-4C52-AE0A-CA7D183D9E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83E1A0EA-9E2F-407F-A72F-D5061B6CD318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B565D82B-CAB8-4512-B7B7-0402146DD2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "68341EA6-4FF0-4F87-AC71-4EC5D648406C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A91596AC-3F28-4BBD-A697-81909A5407B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A57A5053-018B-468C-BC18-5140E6B5B048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C2962B1B-4B7F-4527-AE4C-C76787FEDB67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE921188-7A50-479F-853F-95127C9BE4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710939C-8598-40FE-9D5F-A3665723A5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75572113-BD36-49BB-B7A1-177EB7DD3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F18265E-EE99-4D0F-B975-22A86077A611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E3EA58-3FD3-4AD8-AA63-057F8D31301B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A51D3086-99CB-4C01-B286-3F7F6B6FB3AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA7EB49-52A7-4AFC-9D7D-0225A430B636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:certificate_server:1.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "72E930EF-CCEC-44EA-AA45-18644EFDA5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:certificate_server:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "506D842B-339C-452A-A229-C6B59B0E038D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:directory_server:1.3:patch5:*:*:*:*:*:*",
"matchCriteriaId": "1CD1E4C9-BFF1-4818-A1B8-ECD7B54C8B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:directory_server:3.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "492922BE-3B31-486C-94B5-114089E51E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:directory_server:3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "70E0FF18-9B01-4500-9599-8F085655C388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:directory_server:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE69D422-E6FF-40F5-BC73-73BE3A042DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:directory_server:4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "39B65825-FE48-4938-A04F-12740611681B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:directory_server:4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE13D7D-2171-44F3-84D3-4CFD024AA3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E5E0298-99D9-476D-A7DF-36C6207482DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:2.0.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "8E0069EE-831B-4E6D-9AF9-71EFC9EED509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:2.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "5234109F-AD90-4324-AA03-C5DE007D32F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A7B9FDA-DC62-4EC9-9120-A7E6795C2815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60812728-EC82-461E-BBDC-C5B4C1BF79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "D94D2CA3-9868-4F27-B31D-D3EDC256BE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.0.7a:*:netware:*:*:*:*:*",
"matchCriteriaId": "75FFC8CC-AB53-40CD-B6DF-C8CC17320FB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.0l:*:*:*:*:*:*:*",
"matchCriteriaId": "89FAF40A-00F0-48BA-BEE7-4722C82DC54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6280F25-3BC7-4701-914A-9ADC35A1A73B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2CB845-D0E6-4B45-95A1-879BCCA037D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F18F9770-12E2-44D5-ABB6-EDFD2383BFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2CB1E6-63A1-42C5-889C-7EA83CB50543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "34D42A9F-449C-4F4D-B610-538BF133F744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.5:*:solaris:*:*:*:*:*",
"matchCriteriaId": "5AECADB3-F1EC-4410-AECF-D2C08B18F517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4147A43C-DA7B-4D08-90E9-72DE57B1D61D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3577B789-DBB6-413D-B964-B32FE3E8CD8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.6:*:solaris:*:*:*:*:*",
"matchCriteriaId": "FFBC4A27-818F-4B2C-818E-62FB43440DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1721BFD6-7914-4ADB-8205-38964C8FFDA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.6:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4EB62E6F-87E2-4A98-B4BD-3E0036CE7640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.6:sp3:*:*:*:*:*:*",
"matchCriteriaId": "418B500F-2A05-4419-997F-E04ECA2E3626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD208FC-AC17-45DF-9A5F-D8CDA6DB3A7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4A29E0A5-9C1D-4CCF-AEEB-FF0B32B4201D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "0CE4230F-88A6-49DD-A05A-FCF4F2A5FF6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "85FAD645-5AFB-4553-85DA-D25E0333A26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "0D98D58B-AE93-4471-81E0-FD0A4ED1AD51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp7:*:*:*:*:*:*",
"matchCriteriaId": "85C1DEB1-2628-45D4-9DB4-64A4CF9C89B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:4.1:sp8:*:*:*:*:*:*",
"matchCriteriaId": "F331B4BD-1381-4011-B2D9-9CD9B73F976B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:4.1.1:*:netware:*:*:*:*:*",
"matchCriteriaId": "B708CDB3-0BF9-4FE4-855F-DB6E1FE5A319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:5.0:*:netware:*:*:*:*:*",
"matchCriteriaId": "DA8D4321-3683-460F-AFAA-1D31E9B16818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netscape:personalization_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B348FC-6FEF-4682-BC25-82E726BFB64E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_enterprise_system:2003q4:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8DFE4D-1FB6-41D7-AAB6-82400C6B4504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_enterprise_system:2004q2:*:*:*:*:*:*:*",
"matchCriteriaId": "132976FA-A42E-4CC0-8C8F-9A034A046B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "EE5A4BC2-ED34-4968-881E-ED6AD300AC42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*",
"matchCriteriaId": "D00790CE-CD77-4C39-80AC-5FBD298DD63A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*",
"matchCriteriaId": "BC5F2280-EC46-4D2F-8402-FE91ECEE6A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur4:*:*:*:*:*:*",
"matchCriteriaId": "60EBC552-FAC2-4833-B1A6-696DC06301A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E583F338-CF10-4FD5-8A86-A3CE46E863DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_application_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "352D9910-BC83-44B2-B5C0-59B8F2C23142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_application_server:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F316ECED-A6E3-43AC-BA05-C42F2CB0D830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_application_server:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "FA32646E-1014-47D1-9C96-6CD8F0B13480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33621D67-8191-42EE-8859-8B5FC30F935A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0C6F8563-701E-4E54-A0C9-67E9DF74D60D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*",
"matchCriteriaId": "4022E5C6-5651-45DD-AF73-89CF38E71D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*",
"matchCriteriaId": "EEF4CFCE-DEEC-4652-A96F-0C7B5A88175A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp12:*:*:*:*:*:*",
"matchCriteriaId": "873034EA-B3C6-43E6-AE98-A04598D9A392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp13:*:*:*:*:*:*",
"matchCriteriaId": "AC90D2B4-4FBE-405A-BD17-F84A37DC914E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp14:*:*:*:*:*:*",
"matchCriteriaId": "04366BB7-9F1D-4EC0-AE79-9603F71166C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AE01BAC9-DC57-4BC8-9BFB-9C7C94A516A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1CEA91AD-443D-4856-AC7A-3DDE0791134D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "07C1D4DC-252A-4602-A916-32E51CCA75B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "526D2FAD-4241-412C-8863-B273D3733153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "B8A796CB-D675-49FC-98BA-4D527211C70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*",
"matchCriteriaId": "8693959B-7D5D-414B-8660-2A693AF24541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*",
"matchCriteriaId": "1BDC4A06-33A1-4619-B870-7F2AF1D332F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*",
"matchCriteriaId": "8A445032-AD7B-4971-B175-DF3183A4A12C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "38698A3B-9597-4BC9-B112-BB908C3DE86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "78587B6D-2A95-4714-9632-4F75CD552E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "279FE555-E290-4B17-855D-781C9B58ED55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp7:*:*:*:*:*:*",
"matchCriteriaId": "26A8BE1A-082B-4CB5-97D0-7964FBC93572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp8:*:*:*:*:*:*",
"matchCriteriaId": "3609AA35-6B6A-47A1-B1D4-011B735E0671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E66F55C3-F5BD-49A7-B561-ACD8D522225D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4493C646-DF4B-45C7-86F7-A71AC9B1CA97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "689F0A9F-8F34-4958-B869-C4FB8BC02406",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*",
"matchCriteriaId": "D73D159B-C3D8-4BBD-8BAA-E9E8D3AD3A04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message."
}
],
"id": "CVE-2004-0826",
"lastModified": "2024-11-20T23:49:30.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11015"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/xforce/alerts/id/180"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/xforce/alerts/id/180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16314"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-05-20 03:02
Modified
2024-11-21 00:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_system_application_server | * | |
| sun | java_system_application_server | * | |
| sun | java_system_web_server | * | |
| sun | java_system_web_server | 6.1 | |
| sun | java_system_web_server | 6.1 | |
| sun | java_system_web_server | 6.1 | |
| sun | java_system_web_server | 6.1 | |
| sun | one_application_server | * | |
| sun | one_application_server | * | |
| sun | one_application_server | 6.0 | |
| sun | one_application_server | 6.0 | |
| sun | one_application_server | 6.0 | |
| sun | one_application_server | 7.0 | |
| sun | one_application_server | 7.0 | |
| sun | one_web_server | * | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_application_server:*:ur2:enterprise:*:*:*:*:*",
"matchCriteriaId": "E3CBDF1B-C506-4A89-B597-AFEA98FBDBC9",
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_application_server:*:ur2:standard:*:*:*:*:*",
"matchCriteriaId": "AA47D452-353D-4108-9350-1A0EC1D2B728",
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "E24F3990-8090-49AA-B490-B57DF2756791",
"versionEndIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_application_server:*:update_6:platform:*:*:*:*:*",
"matchCriteriaId": "948567FB-7B09-42BF-ACFA-A2E04E7BD276",
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_application_server:*:update_6:standard:*:*:*:*:*",
"matchCriteriaId": "1A5885D7-8FC7-4BF7-BE07-06CE1C743454",
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_application_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "352D9910-BC83-44B2-B5C0-59B8F2C23142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_application_server:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F316ECED-A6E3-43AC-BA05-C42F2CB0D830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_application_server:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "FA32646E-1014-47D1-9C96-6CD8F0B13480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:platform:*:*:*:*:*",
"matchCriteriaId": "0F6B3BC6-9A4B-40E7-A540-9BCFC3D02E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:standard:*:*:*:*:*",
"matchCriteriaId": "9760BDBA-E5FD-4AFF-ACB8-4C8B55CC3A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:*:sp9:*:*:*:*:*:*",
"matchCriteriaId": "BDAF373D-CB7C-4410-8187-167B79480AA4",
"versionEndIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "38698A3B-9597-4BC9-B112-BB908C3DE86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "78587B6D-2A95-4714-9632-4F75CD552E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "279FE555-E290-4B17-855D-781C9B58ED55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp7:*:*:*:*:*:*",
"matchCriteriaId": "26A8BE1A-082B-4CB5-97D0-7964FBC93572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp8:*:*:*:*:*:*",
"matchCriteriaId": "3609AA35-6B6A-47A1-B1D4-011B735E0671",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nSun, ONE Web Server, 6.0 SP10 or later\r\nSun, Java System Web Server, 6.1 SP5 or later\r\nSun, ONE Application Server, 7.0 Platform Update 7 or later\r\nSun, ONE Application Server, 7.0 Standard Update 7 or later\r\nSun, Java System Application Server, 7.0 2004Q2 Standard Update 3 or later\r\nSun, Java System Application Server, 7.0 2004Q2 Enterprise Update 3 or later",
"id": "CVE-2006-2501",
"lastModified": "2024-11-21T00:11:27.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-05-20T03:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://jvn.jp/jp/JVN%2303D5EAA8/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20147"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016125"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016126"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/114956"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18035"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1866"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://jvn.jp/jp/JVN%2303D5EAA8/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/114956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26550"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-05 22:30
Modified
2024-11-20 23:47
Severity ?
Summary
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | one_web_server | * | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | 4.1 | |
| sun | one_web_server | * | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:one_web_server:*:sp12:*:*:*:*:*:*",
"matchCriteriaId": "B96D0FA5-9288-4B6D-8D81-C892FE8CCBE0",
"versionEndIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33621D67-8191-42EE-8859-8B5FC30F935A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0C6F8563-701E-4E54-A0C9-67E9DF74D60D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*",
"matchCriteriaId": "4022E5C6-5651-45DD-AF73-89CF38E71D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*",
"matchCriteriaId": "EEF4CFCE-DEEC-4652-A96F-0C7B5A88175A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AE01BAC9-DC57-4BC8-9BFB-9C7C94A516A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1CEA91AD-443D-4856-AC7A-3DDE0791134D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "07C1D4DC-252A-4602-A916-32E51CCA75B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "526D2FAD-4241-412C-8863-B273D3733153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "B8A796CB-D675-49FC-98BA-4D527211C70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*",
"matchCriteriaId": "8693959B-7D5D-414B-8660-2A693AF24541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*",
"matchCriteriaId": "1BDC4A06-33A1-4619-B870-7F2AF1D332F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*",
"matchCriteriaId": "8A445032-AD7B-4971-B175-DF3183A4A12C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:one_web_server:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "404F6586-4E74-40CE-B579-945D21FC4AB0",
"versionEndIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6EF410-9D8F-4C94-8636-93D455E0C072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "8CA92E60-8D25-4BA0-8C71-7A271439DEDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A968709C-2B0B-423B-8A75-61D301DE7398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "38698A3B-9597-4BC9-B112-BB908C3DE86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "78587B6D-2A95-4714-9632-4F75CD552E7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316."
},
{
"lang": "es",
"value": "Sun ONE (tambien conocido como iPlanet) Web Server v4.1 hasta SP12 y v6.0 hasta SP5, cuando la resoluci\u00f3n DNS est\u00e1 activada para direcciones IP de clientes, permite a atacantes remotos inyectar t\u00e9xto de su elecci\u00f3n dentro de ficheros de log, y provocar un ataque de secuencias de comandos en sitios cruzados (XSS)involucrando al analizador iPlanet Log, a trav\u00e9s de una petici\u00f3n HTTP en ocnjunci\u00f3n con una respuesta DNS manipulada, relacionado con el tema \"Inverse Lookup Log Corruption (ILLC)\", una vulnerabilidad difrente que CVE-2002-1315 y CVE-2002-1316."
}
],
"id": "CVE-2003-1577",
"lastModified": "2024-11-20T23:47:29.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-02-05T22:30:01.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/313867"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/313867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56632"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/9541 | Patch | |
| cve@mitre.org | http://sunsolve.sun.com/search/document.do?assetkey=1-26-56180-1 | Vendor Advisory | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/636964 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/9541 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-56180-1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/636964 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 | |
| sun | one_web_server | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "38698A3B-9597-4BC9-B112-BB908C3DE86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "78587B6D-2A95-4714-9632-4F75CD552E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "279FE555-E290-4B17-855D-781C9B58ED55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service."
}
],
"id": "CVE-2003-1126",
"lastModified": "2024-11-20T23:46:24.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/9541"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56180-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/636964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/9541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56180-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/636964"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-05 16:00
Modified
2024-11-21 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp10:aix:*:*:*:*:*",
"matchCriteriaId": "C432A6A6-E063-49F5-9784-0E34B5F843EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:aix:*:*:*:*:*",
"matchCriteriaId": "389FD567-59F5-47C3-B000-E916357889DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:aix:*:*:*:*:*",
"matchCriteriaId": "A58B50D0-CBEA-43D5-9537-E9418B13CDA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:aix:*:*:*:*:*",
"matchCriteriaId": "131D4D0F-D73B-434A-845E-9788EE48915B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:aix:*:*:*:*:*",
"matchCriteriaId": "698DCBEF-41C5-474E-BE60-0BC285A89B18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp8:aix:*:*:*:*:*",
"matchCriteriaId": "D0518BE3-1E9A-4974-9805-E70CB95ADC40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp9:aix:*:*:*:*:*",
"matchCriteriaId": "A53CE597-7827-4BDD-A922-23829485A1E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:*:aix:*:*:*:*:*",
"matchCriteriaId": "566250FE-D1E1-43CE-9255-99B8AC1FD0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:aix:*:*:*:*:*",
"matchCriteriaId": "9A6494E5-72D1-43E0-ABEE-16D23D167801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp2:aix:*:*:*:*:*",
"matchCriteriaId": "1AD96005-4158-4962-BD8E-3CED7CF3E900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp3:aix:*:*:*:*:*",
"matchCriteriaId": "725A8D67-7742-4BE2-AADE-E76BC880A9E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp10:hp_ux:*:*:*:*:*",
"matchCriteriaId": "43511DA8-A07B-4927-9FB2-CF2429BC50C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:hp_ux:*:*:*:*:*",
"matchCriteriaId": "F84E3EFA-4013-4538-A32B-59B4EE874D4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:hp_ux:*:*:*:*:*",
"matchCriteriaId": "2E956D83-8463-4A5C-9D7F-CED9A43E3C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:hp_ux:*:*:*:*:*",
"matchCriteriaId": "84E5E3A8-1938-4CB4-9673-196F4E6D37C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:hp_ux:*:*:*:*:*",
"matchCriteriaId": "E2281A43-3C8D-470F-8F95-B63AA5F27BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp8:hp_ux:*:*:*:*:*",
"matchCriteriaId": "98952019-7F68-4A6B-810C-829A82A472E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp9:hp_ux:*:*:*:*:*",
"matchCriteriaId": "4E3A50B8-050E-401E-8B7C-700B3B478FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:*:hp_ux:*:*:*:*:*",
"matchCriteriaId": "92F78B4D-89AC-4941-9E32-8FD21F3DC9C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:hp_ux:*:*:*:*:*",
"matchCriteriaId": "B80D8913-987A-4316-BC53-16236B4356F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp2:hp_ux:*:*:*:*:*",
"matchCriteriaId": "3E69834C-A381-4AC6-B42E-F19E199D5A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp3:hp_ux:*:*:*:*:*",
"matchCriteriaId": "57A273B7-CDB6-4F47-AFE3-3864DCC01E4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp10:linux:*:*:*:*:*",
"matchCriteriaId": "99520DA9-10F0-43E8-8A77-2FDA676922C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:linux:*:*:*:*:*",
"matchCriteriaId": "5165C493-78EC-44FC-9401-4BC9BB4D857B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:linux:*:*:*:*:*",
"matchCriteriaId": "7A4F803A-14B6-47FB-92C6-7E4BE435A2C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:linux:*:*:*:*:*",
"matchCriteriaId": "7276CA8E-4DEC-4B84-8D3B-1F59AE192987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:linux:*:*:*:*:*",
"matchCriteriaId": "9CE812CB-48A5-44AB-AB92-420C1F9B8396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp8:linux:*:*:*:*:*",
"matchCriteriaId": "8C227B78-F34D-48B3-B150-EA91B6CA74FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp9:linux:*:*:*:*:*",
"matchCriteriaId": "1004FBF0-AD2A-45A0-A4D7-E24EFC41A558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "88A61895-37FC-462F-928D-65BF02A0676D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:linux:*:*:*:*:*",
"matchCriteriaId": "DE360D60-0894-4E3F-AE2A-A135C4382D3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp2:linux:*:*:*:*:*",
"matchCriteriaId": "361DF0F9-1808-495E-8189-BFBC3AD082F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp3:linux:*:*:*:*:*",
"matchCriteriaId": "2DD5222B-BFF5-4FFF-BD91-5B2CBDE14312",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp10:windows:*:*:*:*:*",
"matchCriteriaId": "A7BDC9E6-87C4-4AE1-AEAD-518CCFF853E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:windows:*:*:*:*:*",
"matchCriteriaId": "A018481B-EB48-4C4E-A1E4-324DCC437441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:windows:*:*:*:*:*",
"matchCriteriaId": "B0FEC983-91A6-4708-8308-B77B0FD2D9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:windows:*:*:*:*:*",
"matchCriteriaId": "431D609A-AA61-4C7C-8F4A-8B01DB2E32E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:windows:*:*:*:*:*",
"matchCriteriaId": "37CBE122-47ED-4659-B15A-55FAF15BA63C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp8:windows:*:*:*:*:*",
"matchCriteriaId": "E3866A08-0CFA-473D-BBE5-4736282A6446",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp9:windows:*:*:*:*:*",
"matchCriteriaId": "4541C58C-45F1-4F17-82B9-E33BE693D8DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "3B3825DF-E190-4B15-8160-CAFACDDE7686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:windows:*:*:*:*:*",
"matchCriteriaId": "91B10E76-4D66-42B2-BC3B-86F158078CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp2:windows:*:*:*:*:*",
"matchCriteriaId": "D2311610-C676-4F41-8F64-224C074C8295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp3:windows:*:*:*:*:*",
"matchCriteriaId": "A3C45222-B840-446B-ADF3-08C09A8B52CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp10:sparc:*:*:*:*:*",
"matchCriteriaId": "A280F4D8-13D9-407B-A5C7-E85D7E83A142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:sparc:*:*:*:*:*",
"matchCriteriaId": "348671B8-279F-426B-A00B-5948297EDFFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:sparc:*:*:*:*:*",
"matchCriteriaId": "45088B1A-D4C7-4FA9-AE39-5B0D2941A8AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:sparc:*:*:*:*:*",
"matchCriteriaId": "55BC4F3F-51D0-432A-96D5-65C7599F9832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:sparc:*:*:*:*:*",
"matchCriteriaId": "C434356D-DAB3-4B78-B1D2-AEB8EC69CE32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp8:sparc:*:*:*:*:*",
"matchCriteriaId": "300FA553-5FE3-4036-B80B-C4806C865660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp9:sparc:*:*:*:*:*",
"matchCriteriaId": "D35923A0-BF2C-400F-BE43-A13B67E4ED89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:*:sparc:*:*:*:*:*",
"matchCriteriaId": "4DB66630-4A2A-44F2-971C-3B353F687868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:sparc:*:*:*:*:*",
"matchCriteriaId": "CB79BECF-1413-438F-9741-CC3BE256E1C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp2:sparc:*:*:*:*:*",
"matchCriteriaId": "ACAFC237-58BC-4CB1-948C-A2D9B3742809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp3:sparc:*:*:*:*:*",
"matchCriteriaId": "4B0293BA-6694-4FD0-93FE-7F674AA2A604",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp10:x86:*:*:*:*:*",
"matchCriteriaId": "80CB7673-2A98-434B-99A3-24DB4686CDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:x86:*:*:*:*:*",
"matchCriteriaId": "6BBCB1B9-965D-41C9-81A4-A7470AE46D62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp48:x86:*:*:*:*:*",
"matchCriteriaId": "B2F944E7-F894-42D8-8167-BCC2DEE10BC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp5:x86:*:*:*:*:*",
"matchCriteriaId": "09FB3270-1242-4EE9-86B7-7B841DEF2533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp6:x86:*:*:*:*:*",
"matchCriteriaId": "70901AC0-E2E5-4C8C-B903-105AF7528D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp7:x86:*:*:*:*:*",
"matchCriteriaId": "440814EC-4215-4ACB-912F-DA75C5CD1AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp9:x86:*:*:*:*:*",
"matchCriteriaId": "17466643-0B26-4D65-B2FD-C958D906BE91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:*:x86:*:*:*:*:*",
"matchCriteriaId": "DF9C742B-C0C4-46D5-A7DA-025852069BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:x86:*:*:*:*:*",
"matchCriteriaId": "3378607F-5EF7-4C11-8254-6A44A03B8BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp2:x86:*:*:*:*:*",
"matchCriteriaId": "7ACFC436-5A5C-4E31-957F-ED5127ECDB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp3:x86:*:*:*:*:*",
"matchCriteriaId": "D5E51FAA-1DD4-478F-B439-D344C33AE355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Reverse Proxy Plug-in en Sun Java System Web Server v6.1 anterior a SP11, permite a atacantes remotos la inyecci\u00f3n de c\u00f3digo web y HTML de su elecci\u00f3n a trav\u00e9s de una consulta de cadena en situaciones resultantes de un error \"502 Gateway\"."
}
],
"id": "CVE-2009-1934",
"lastModified": "2024-11-21T01:03:43.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-05T16:00:00.343",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/54872"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35338"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35204"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022334"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1500"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50951"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-07-05 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | one_web_server | 6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4493C646-DF4B-45C7-86F7-A71AC9B1CA97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\""
}
],
"id": "CVE-2005-2094",
"lastModified": "2024-11-20T23:58:47.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-07-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014369"
},
{
"source": "cve@mitre.org",
"url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42903"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html | ||
| cve@mitre.org | http://www.iss.net/security_center/static/9517.php | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/5191 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/9517.php | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/5191 | Exploit, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netscape | enterprise_server | 3.6 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | iplanet_web_server | 4.1 | |
| sun | one_application_server | 6.0 | |
| sun | one_application_server | 6.0 | |
| sun | one_application_server | 6.0 | |
| sun | one_web_server | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netscape:enterprise_server:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3577B789-DBB6-413D-B964-B32FE3E8CD8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01D79D8B-71EC-41FB-B168-294A7553785F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "15614FEE-BE44-493D-8F4B-B68F90BA1C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:enterprise:*:*:*:*:*",
"matchCriteriaId": "EAFDD45B-9AA9-46A9-9452-6F7026DAB8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:*:*:*:*:*:*",
"matchCriteriaId": "881584F0-6E53-4E08-A394-911CCD7179B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:enterprise:*:*:*:*:*",
"matchCriteriaId": "74307012-2D6B-4D7E-BB6E-B6515E37149D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5608C463-921D-4640-B9F5-1C7E2F99DFA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:enterprise:*:*:*:*:*",
"matchCriteriaId": "CC15E6D1-5E34-4BA0-83AA-32843BBE34EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1BB8A1FD-2B13-4D52-A685-822FC49D61D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:enterprise:*:*:*:*:*",
"matchCriteriaId": "B199A631-70D8-4FA5-BFAA-46EA768223D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "DD3C8D8A-D9EC-4DB2-B2E2-3B3BFC6AF369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:enterprise:*:*:*:*:*",
"matchCriteriaId": "14BE8733-6B79-406D-8AD4-1A034D93CA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "4EA69FCA-EAD5-4BA9-8AF5-2FDC617B77E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:enterprise:*:*:*:*:*",
"matchCriteriaId": "431E382F-3638-43FE-978E-6FB72C0406A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "D84C0F92-BA3D-47E3-A89C-F7BFE70F1A50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:enterprise:*:*:*:*:*",
"matchCriteriaId": "E85940EC-E144-4B26-B2FB-A4985FE852C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:*:*:*:*:*:*",
"matchCriteriaId": "B05F9BD8-4A97-4E30-9D87-C54D2C688C85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:enterprise:*:*:*:*:*",
"matchCriteriaId": "8BFAEFD1-D6E0-4401-A81E-9B73DF6C4600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:*:*:*:*:*:*",
"matchCriteriaId": "30EBB2AE-CC19-455C-8338-DC99649128E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:enterprise:*:*:*:*:*",
"matchCriteriaId": "271C69BC-E8B9-4E95-91F0-719FDC71E31F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:*:*:*:*:*:*",
"matchCriteriaId": "E97E6E0E-88BA-4EF3-83D3-F3A49076C6AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:enterprise:*:*:*:*:*",
"matchCriteriaId": "38178E55-35F2-407E-906C-CDA706881684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_application_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "352D9910-BC83-44B2-B5C0-59B8F2C23142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_application_server:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F316ECED-A6E3-43AC-BA05-C42F2CB0D830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_application_server:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "FA32646E-1014-47D1-9C96-6CD8F0B13480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "38698A3B-9597-4BC9-B112-BB908C3DE86B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\\ (dot-dot backslash) sequences in the NS-query-pat parameter."
}
],
"id": "CVE-2002-1042",
"lastModified": "2024-11-20T23:40:27.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9517.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9517.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5191"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-01 22:30
Modified
2024-11-20 23:54
Severity ?
Summary
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "15614FEE-BE44-493D-8F4B-B68F90BA1C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:enterprise:*:*:*:*:*",
"matchCriteriaId": "EAFDD45B-9AA9-46A9-9452-6F7026DAB8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:*:*:*:*:*:*",
"matchCriteriaId": "881584F0-6E53-4E08-A394-911CCD7179B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:enterprise:*:*:*:*:*",
"matchCriteriaId": "74307012-2D6B-4D7E-BB6E-B6515E37149D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:*:*:*:*:*:*",
"matchCriteriaId": "1AA735E6-0E26-47E0-B779-8688B058847E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:enterprise:*:*:*:*:*",
"matchCriteriaId": "2CACFD40-A33F-4C4C-8CC1-3111E3399D07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:*:*:*:*:*:*",
"matchCriteriaId": "17872BB7-BD29-4EB8-8270-97157B991336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:enterprise:*:*:*:*:*",
"matchCriteriaId": "12A2A214-156B-4092-B72E-55875A068EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5608C463-921D-4640-B9F5-1C7E2F99DFA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:enterprise:*:*:*:*:*",
"matchCriteriaId": "CC15E6D1-5E34-4BA0-83AA-32843BBE34EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1BB8A1FD-2B13-4D52-A685-822FC49D61D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:enterprise:*:*:*:*:*",
"matchCriteriaId": "B199A631-70D8-4FA5-BFAA-46EA768223D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "DD3C8D8A-D9EC-4DB2-B2E2-3B3BFC6AF369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:enterprise:*:*:*:*:*",
"matchCriteriaId": "14BE8733-6B79-406D-8AD4-1A034D93CA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "4EA69FCA-EAD5-4BA9-8AF5-2FDC617B77E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:enterprise:*:*:*:*:*",
"matchCriteriaId": "431E382F-3638-43FE-978E-6FB72C0406A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "D84C0F92-BA3D-47E3-A89C-F7BFE70F1A50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:enterprise:*:*:*:*:*",
"matchCriteriaId": "E85940EC-E144-4B26-B2FB-A4985FE852C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:*:*:*:*:*:*",
"matchCriteriaId": "B05F9BD8-4A97-4E30-9D87-C54D2C688C85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:enterprise:*:*:*:*:*",
"matchCriteriaId": "8BFAEFD1-D6E0-4401-A81E-9B73DF6C4600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:*:*:*:*:*:*",
"matchCriteriaId": "30EBB2AE-CC19-455C-8338-DC99649128E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:enterprise:*:*:*:*:*",
"matchCriteriaId": "271C69BC-E8B9-4E95-91F0-719FDC71E31F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:*:*:*:*:*:*",
"matchCriteriaId": "E97E6E0E-88BA-4EF3-83D3-F3A49076C6AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:enterprise:*:*:*:*:*",
"matchCriteriaId": "38178E55-35F2-407E-906C-CDA706881684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7383260B-83F0-4915-BFF3-BAD5C3228B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0F8A1D4E-B671-4ADA-B9EA-B01BF7C17F61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "53779E82-8FB9-498D-9E1C-4B7671E722D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "C61702CF-2660-4CC0-9563-B0DCD363B9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:iplanet_web_server:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "A3AEFF59-9E04-497C-81B0-D664BA52AC4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33621D67-8191-42EE-8859-8B5FC30F935A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0C6F8563-701E-4E54-A0C9-67E9DF74D60D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*",
"matchCriteriaId": "4022E5C6-5651-45DD-AF73-89CF38E71D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*",
"matchCriteriaId": "EEF4CFCE-DEEC-4652-A96F-0C7B5A88175A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp12:*:*:*:*:*:*",
"matchCriteriaId": "873034EA-B3C6-43E6-AE98-A04598D9A392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AE01BAC9-DC57-4BC8-9BFB-9C7C94A516A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1CEA91AD-443D-4856-AC7A-3DDE0791134D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "07C1D4DC-252A-4602-A916-32E51CCA75B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "526D2FAD-4241-412C-8863-B273D3733153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "B8A796CB-D675-49FC-98BA-4D527211C70D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*",
"matchCriteriaId": "8693959B-7D5D-414B-8660-2A693AF24541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*",
"matchCriteriaId": "1BDC4A06-33A1-4619-B870-7F2AF1D332F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*",
"matchCriteriaId": "8A445032-AD7B-4971-B175-DF3183A4A12C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "38698A3B-9597-4BC9-B112-BB908C3DE86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "78587B6D-2A95-4714-9632-4F75CD552E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "279FE555-E290-4B17-855D-781C9B58ED55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4493C646-DF4B-45C7-86F7-A71AC9B1CA97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "689F0A9F-8F34-4958-B869-C4FB8BC02406",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto de Sun ONE/iPlanet Web Server v4.1 SP! al SP2 y v6.0 SP1 al SP5 responde a las peticiones HTTP TRACE, lo que puede permitir a atacantes remotos el robo de informaci\u00f3n usando ataques de seguimiento de trazas en sitios cruzados (XST) en aplicaciones vulnerables a ataques de ejecuci\u00f3n de secuencias de comandos en sitios cruzados."
}
],
"id": "CVE-2004-2763",
"lastModified": "2024-11-20T23:54:09.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-01T22:30:00.217",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/867593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/867593"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-05 22:30
Modified
2024-11-20 23:47
Severity ?
Summary
Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | one_web_server | 6.0 | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:one_web_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6EF410-9D8F-4C94-8636-93D455E0C072",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue."
},
{
"lang": "es",
"value": "Sun ONE (conocido tambi\u00e9n como iPlanet) Web Server v6 en Windows, cuando la resoluci\u00f3n DNS est\u00e1 activada para direcciones IP de clientes, usa un formato de registro que no identifica si un punto cuadrado representa una direcci\u00f3n IP no resuelta, lo que permite a atacantes remotos falsificar direcciones IP a trav\u00e9s de respuestas DNS manipuladas que contiene dominios num\u00e9ricos de alto nivel, como qued\u00f3 demostrado por el nombre de dominio falsifcado 123.123.123.123, relacionado con el tema \"Inverse Lookup Log Corruption (ILLC)\"."
}
],
"id": "CVE-2003-1579",
"lastModified": "2024-11-20T23:47:29.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-05T22:30:02.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/313867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/313867"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2004-0826
Vulnerability from cvelistv5
Published
2004-09-02 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/11015 | vdb-entry, x_refsource_BID | |
| http://xforce.iss.net/xforce/alerts/id/180 | third-party-advisory, x_refsource_ISS | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16314 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=109351293827731&w=2 | vendor-advisory, x_refsource_HP |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11015"
},
{
"name": "20040823 Netscape NSS Library Remote Compromise",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/xforce/alerts/id/180"
},
{
"name": "sslv2-client-hello-overflow(16314)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16314"
},
{
"name": "SSRT4779",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11015"
},
{
"name": "20040823 Netscape NSS Library Remote Compromise",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/xforce/alerts/id/180"
},
{
"name": "sslv2-client-hello-overflow(16314)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16314"
},
{
"name": "SSRT4779",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11015"
},
{
"name": "20040823 Netscape NSS Library Remote Compromise",
"refsource": "ISS",
"url": "http://xforce.iss.net/xforce/alerts/id/180"
},
{
"name": "sslv2-client-hello-overflow(16314)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16314"
},
{
"name": "SSRT4779",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0826",
"datePublished": "2004-09-02T04:00:00",
"dateReserved": "2004-08-27T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2501
Vulnerability from cvelistv5
Published
2006-05-20 02:59
Modified
2024-08-07 17:51
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/18035 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1016125 | vdb-entry, x_refsource_SECTRACK | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1 | vendor-advisory, x_refsource_SUNALERT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26550 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/20147 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1016126 | vdb-entry, x_refsource_SECTRACK | |
| http://jvn.jp/jp/JVN%2303D5EAA8/index.html | third-party-advisory, x_refsource_JVN | |
| http://www.vupen.com/english/advisories/2006/1866 | vdb-entry, x_refsource_VUPEN | |
| http://www.kb.cert.org/vuls/id/114956 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18035",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18035"
},
{
"name": "1016125",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016125"
},
{
"name": "102164",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1"
},
{
"name": "sun-java-system-xss(26550)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26550"
},
{
"name": "20147",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20147"
},
{
"name": "1016126",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016126"
},
{
"name": "JVN#03D5EAA8",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2303D5EAA8/index.html"
},
{
"name": "ADV-2006-1866",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1866"
},
{
"name": "VU#114956",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/114956"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18035",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18035"
},
{
"name": "1016125",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016125"
},
{
"name": "102164",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1"
},
{
"name": "sun-java-system-xss(26550)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26550"
},
{
"name": "20147",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20147"
},
{
"name": "1016126",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016126"
},
{
"name": "JVN#03D5EAA8",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2303D5EAA8/index.html"
},
{
"name": "ADV-2006-1866",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1866"
},
{
"name": "VU#114956",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/114956"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18035"
},
{
"name": "1016125",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016125"
},
{
"name": "102164",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1"
},
{
"name": "sun-java-system-xss(26550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26550"
},
{
"name": "20147",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20147"
},
{
"name": "1016126",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016126"
},
{
"name": "JVN#03D5EAA8",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2303D5EAA8/index.html"
},
{
"name": "ADV-2006-1866",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1866"
},
{
"name": "VU#114956",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/114956"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2501",
"datePublished": "2006-05-20T02:59:00",
"dateReserved": "2006-05-19T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1579
Vulnerability from cvelistv5
Published
2010-02-05 22:13
Modified
2024-09-16 19:19
Severity ?
EPSS score ?
Summary
Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/313867 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030304 Log corruption on multiple webservers, log analyzers,...",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/313867"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-02-05T22:13:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030304 Log corruption on multiple webservers, log analyzers,...",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/313867"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030304 Log corruption on multiple webservers, log analyzers,...",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/313867"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1579",
"datePublished": "2010-02-05T22:13:00Z",
"dateReserved": "2010-02-05T00:00:00Z",
"dateUpdated": "2024-09-16T19:19:32.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1126
Vulnerability from cvelistv5
Published
2005-03-12 05:00
Modified
2024-09-17 04:08
Severity ?
EPSS score ?
Summary
Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/9541 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.kb.cert.org/vuls/id/636964 | third-party-advisory, x_refsource_CERT-VN | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-56180-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:45.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9541",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9541"
},
{
"name": "VU#636964",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/636964"
},
{
"name": "56180",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56180-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-03-12T05:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9541",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9541"
},
{
"name": "VU#636964",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/636964"
},
{
"name": "56180",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56180-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9541",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9541"
},
{
"name": "VU#636964",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/636964"
},
{
"name": "56180",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56180-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1126",
"datePublished": "2005-03-12T05:00:00Z",
"dateReserved": "2005-03-12T00:00:00Z",
"dateUpdated": "2024-09-17T04:08:41.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1934
Vulnerability from cvelistv5
Published
2009-06-05 15:25
Modified
2024-08-07 05:27
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1 | vendor-advisory, x_refsource_SUNALERT | |
| http://secunia.com/advisories/35338 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/35204 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/54872 | vdb-entry, x_refsource_OSVDB | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/1500 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1022334 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50951 | vdb-entry, x_refsource_XF | |
| http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "259588",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1"
},
{
"name": "35338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35338"
},
{
"name": "35204",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35204"
},
{
"name": "54872",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54872"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1"
},
{
"name": "ADV-2009-1500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1500"
},
{
"name": "1022334",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022334"
},
{
"name": "jsws-reverseproxyplugin-xss(50951)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50951"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "259588",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1"
},
{
"name": "35338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35338"
},
{
"name": "35204",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35204"
},
{
"name": "54872",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54872"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1"
},
{
"name": "ADV-2009-1500",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1500"
},
{
"name": "1022334",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022334"
},
{
"name": "jsws-reverseproxyplugin-xss(50951)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50951"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "259588",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1"
},
{
"name": "35338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35338"
},
{
"name": "35204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35204"
},
{
"name": "54872",
"refsource": "OSVDB",
"url": "http://osvdb.org/54872"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1"
},
{
"name": "ADV-2009-1500",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1500"
},
{
"name": "1022334",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022334"
},
{
"name": "jsws-reverseproxyplugin-xss(50951)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50951"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1934",
"datePublished": "2009-06-05T15:25:00",
"dateReserved": "2009-06-05T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1578
Vulnerability from cvelistv5
Published
2010-02-05 22:13
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1 | vendor-advisory, x_refsource_SUNALERT | |
| http://www.securityfocus.com/bid/7012 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/313867 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56633 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "201453",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1"
},
{
"name": "7012",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7012"
},
{
"name": "20030304 Log corruption on multiple webservers, log analyzers,...",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/313867"
},
{
"name": "iplanet-logpreview-security-bypass(56633)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56633"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a \"format=\" substring, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "201453",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1"
},
{
"name": "7012",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7012"
},
{
"name": "20030304 Log corruption on multiple webservers, log analyzers,...",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/313867"
},
{
"name": "iplanet-logpreview-security-bypass(56633)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56633"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a \"format=\" substring, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "201453",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1"
},
{
"name": "7012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7012"
},
{
"name": "20030304 Log corruption on multiple webservers, log analyzers,...",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/313867"
},
{
"name": "iplanet-logpreview-security-bypass(56633)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56633"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1578",
"datePublished": "2010-02-05T22:13:00",
"dateReserved": "2010-02-05T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1042
Vulnerability from cvelistv5
Published
2002-08-31 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/9517.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5191 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020709 iPlanet Remote File Viewing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html"
},
{
"name": "iplanet-search-view-files(9517)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9517.php"
},
{
"name": "5191",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\\ (dot-dot backslash) sequences in the NS-query-pat parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-09-10T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020709 iPlanet Remote File Viewing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html"
},
{
"name": "iplanet-search-view-files(9517)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9517.php"
},
{
"name": "5191",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5191"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\\ (dot-dot backslash) sequences in the NS-query-pat parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020709 iPlanet Remote File Viewing",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0085.html"
},
{
"name": "iplanet-search-view-files(9517)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9517.php"
},
{
"name": "5191",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5191"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1042",
"datePublished": "2002-08-31T04:00:00",
"dateReserved": "2002-08-27T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2094
Vulnerability from cvelistv5
Published
2005-06-30 04:00
Modified
2024-08-07 22:15
Severity ?
EPSS score ?
Summary
Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1014369 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42903 | vdb-entry, x_refsource_XF | |
| http://www.securiteam.com/securityreviews/5GP0220G0U.html | x_refsource_MISC | |
| http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf | x_refsource_MISC | |
| http://seclists.org/lists/bugtraq/2005/Jun/0025.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:37.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014369",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014369"
},
{
"name": "sun-sunone-hrs(42903)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42903"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf"
},
{
"name": "20050606 A new whitepaper by Watchfire - HTTP Request Smuggling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014369",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014369"
},
{
"name": "sun-sunone-hrs(42903)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42903"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf"
},
{
"name": "20050606 A new whitepaper by Watchfire - HTTP Request Smuggling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014369",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014369"
},
{
"name": "sun-sunone-hrs(42903)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42903"
},
{
"name": "http://www.securiteam.com/securityreviews/5GP0220G0U.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html"
},
{
"name": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf",
"refsource": "MISC",
"url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf"
},
{
"name": "20050606 A new whitepaper by Watchfire - HTTP Request Smuggling",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2094",
"datePublished": "2005-06-30T04:00:00",
"dateReserved": "2005-06-30T00:00:00",
"dateUpdated": "2024-08-07T22:15:37.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2763
Vulnerability from cvelistv5
Published
2009-06-01 22:00
Modified
2024-09-17 00:11
Severity ?
EPSS score ?
Summary
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/867593 | third-party-advisory, x_refsource_CERT-VN | |
| http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html | vendor-advisory, x_refsource_SUNALERT | |
| http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#867593",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/867593"
},
{
"name": "50603",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-01T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#867593",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/867593"
},
{
"name": "50603",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#867593",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/867593"
},
{
"name": "50603",
"refsource": "SUNALERT",
"url": "http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html"
},
{
"name": "http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf",
"refsource": "MISC",
"url": "http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2763",
"datePublished": "2009-06-01T22:00:00Z",
"dateReserved": "2009-06-01T00:00:00Z",
"dateUpdated": "2024-09-17T00:11:42.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1589
Vulnerability from cvelistv5
Published
2010-02-25 19:00
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56616 | vdb-entry, x_refsource_XF | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-66-201454-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "iplanet-unspecified-dos(56616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56616"
},
{
"name": "201454",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201454-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "iplanet-unspecified-dos(56616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56616"
},
{
"name": "201454",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201454-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "iplanet-unspecified-dos(56616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56616"
},
{
"name": "201454",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201454-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1589",
"datePublished": "2010-02-25T19:00:00",
"dateReserved": "2010-02-25T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1577
Vulnerability from cvelistv5
Published
2010-02-05 22:13
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1 | vendor-advisory, x_refsource_SUNALERT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56632 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/313867 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:16.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "201453",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1"
},
{
"name": "sunone-iplanetlog-xss(56632)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56632"
},
{
"name": "20030304 Log corruption on multiple webservers, log analyzers,...",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/313867"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "201453",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1"
},
{
"name": "sunone-iplanetlog-xss(56632)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56632"
},
{
"name": "20030304 Log corruption on multiple webservers, log analyzers,...",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/313867"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "201453",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1"
},
{
"name": "sunone-iplanetlog-xss(56632)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56632"
},
{
"name": "20030304 Log corruption on multiple webservers, log analyzers,...",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/313867"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1577",
"datePublished": "2010-02-05T22:13:00",
"dateReserved": "2010-02-05T00:00:00",
"dateUpdated": "2024-08-08T02:35:16.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1590
Vulnerability from cvelistv5
Published
2010-02-25 19:00
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56615 | vdb-entry, x_refsource_XF | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-66-201451-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sunone-unspecified-dos(56615)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56615"
},
{
"name": "201451",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201451-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sunone-unspecified-dos(56615)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56615"
},
{
"name": "201451",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201451-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sunone-unspecified-dos(56615)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56615"
},
{
"name": "201451",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201451-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1590",
"datePublished": "2010-02-25T19:00:00",
"dateReserved": "2010-02-25T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}