Lucene search

[email protected]CVE-2006-2501

HistoryMay 20, 2006 - 3:02 a.m.

CVE-2006-2501

2006-05-2003:02:00

[email protected]

web.nvd.nist.gov

cve-2006-2501

cross-site scripting

xss

sun one web server

java system web server

sun one application server

java system application server

vulnerability

security

nvd

5.9 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

87.1%

JSON

Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.

Affected configurations

NVD

Node

sunjava_system_application_serverRange≤7.0ur2enterprise

sunjava_system_application_serverRange≤7.0ur2standard

sunjava_system_web_serverRange≤6.1sp4

sunjava_system_web_serverMatch6.1

sunjava_system_web_serverMatch6.1sp1

sunjava_system_web_serverMatch6.1sp2

sunjava_system_web_serverMatch6.1sp3

sunone_application_serverRange≤7.0update_6platform

sunone_application_serverRange≤7.0update_6standard

sunone_application_serverMatch6.0

sunone_application_serverMatch6.0sp1

sunone_application_serverMatch6.0sp2

sunone_application_serverMatch7.0platform

sunone_application_serverMatch7.0standard

sunone_web_serverRange≤6.0sp9

sunone_web_serverMatch6.0sp3

sunone_web_serverMatch6.0sp4

sunone_web_serverMatch6.0sp5

sunone_web_serverMatch6.0sp7

sunone_web_serverMatch6.0sp8

CPENameOperatorVersion
sun:java_system_application_serversun java system application serverle7.0
sun:java_system_web_serversun java system web serverle6.1
sun:one_application_serversun one application serverle7.0
sun:one_application_serversun one application servereq6.0
sun:one_web_serversun one web serverle6.0

CPE	Name	Operator	Version
sun:java_system_application_server	sun java system application server	le	7.0
sun:java_system_web_server	sun java system web server	le	6.1
sun:one_application_server	sun one application server	le	7.0
sun:one_application_server	sun one application server	eq	6.0
sun:one_web_server	sun one web server	le	6.0

References

jvn.jp/jp/JVN%2303D5EAA8/index.html

secunia.com/advisories/20147

securitytracker.com/id?1016125

securitytracker.com/id?1016126

sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1

www.kb.cert.org/vuls/id/114956

www.securityfocus.com/bid/18035

www.vupen.com/english/advisories/2006/1866

exchange.xforce.ibmcloud.com/vulnerabilities/26550

5.9 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

87.1%

JSON

Related for CVE-2006-2501

prion1 nvd1 cert1 cvelist1