Lucene search

[email protected]CVE-2009-1934

HistoryJun 05, 2009 - 4:00 p.m.

CVE-2009-1934

2009-06-0516:00:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-1934

cross-site scripting

xss

vulnerability

sun java system web server

gateway error

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.4%

JSON

Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.

Affected configurations

NVD

Node

sunjava_system_web_serverMatch6.1sp10aix

sunjava_system_web_serverMatch6.1sp4aix

sunjava_system_web_serverMatch6.1sp5aix

sunjava_system_web_serverMatch6.1sp6aix

sunjava_system_web_serverMatch6.1sp7aix

sunjava_system_web_serverMatch6.1sp8aix

sunjava_system_web_serverMatch6.1sp9aix

sunone_web_serverMatch6.1aix

sunone_web_serverMatch6.1sp1aix

sunone_web_serverMatch6.1sp2aix

sunone_web_serverMatch6.1sp3aix

Node

sunjava_system_web_serverMatch6.1sp10hp_ux

sunjava_system_web_serverMatch6.1sp4hp_ux

sunjava_system_web_serverMatch6.1sp5hp_ux

sunjava_system_web_serverMatch6.1sp6hp_ux

sunjava_system_web_serverMatch6.1sp7hp_ux

sunjava_system_web_serverMatch6.1sp8hp_ux

sunjava_system_web_serverMatch6.1sp9hp_ux

sunone_web_serverMatch6.1hp_ux

sunone_web_serverMatch6.1sp1hp_ux

sunone_web_serverMatch6.1sp2hp_ux

sunone_web_serverMatch6.1sp3hp_ux

Node

sunjava_system_web_serverMatch6.1sp10linux

sunjava_system_web_serverMatch6.1sp4linux

sunjava_system_web_serverMatch6.1sp5linux

sunjava_system_web_serverMatch6.1sp6linux

sunjava_system_web_serverMatch6.1sp7linux

sunjava_system_web_serverMatch6.1sp8linux

sunjava_system_web_serverMatch6.1sp9linux

sunone_web_serverMatch6.1linux

sunone_web_serverMatch6.1sp1linux

sunone_web_serverMatch6.1sp2linux

sunone_web_serverMatch6.1sp3linux

Node

sunjava_system_web_serverMatch6.1sp10windows

sunjava_system_web_serverMatch6.1sp4windows

sunjava_system_web_serverMatch6.1sp5windows

sunjava_system_web_serverMatch6.1sp6windows

sunjava_system_web_serverMatch6.1sp7windows

sunjava_system_web_serverMatch6.1sp8windows

sunjava_system_web_serverMatch6.1sp9windows

sunone_web_serverMatch6.1windows

sunone_web_serverMatch6.1sp1windows

sunone_web_serverMatch6.1sp2windows

sunone_web_serverMatch6.1sp3windows

Node

sunjava_system_web_serverMatch6.1sp10sparc

sunjava_system_web_serverMatch6.1sp4sparc

sunjava_system_web_serverMatch6.1sp5sparc

sunjava_system_web_serverMatch6.1sp6sparc

sunjava_system_web_serverMatch6.1sp7sparc

sunjava_system_web_serverMatch6.1sp8sparc

sunjava_system_web_serverMatch6.1sp9sparc

sunone_web_serverMatch6.1sparc

sunone_web_serverMatch6.1sp1sparc

sunone_web_serverMatch6.1sp2sparc

sunone_web_serverMatch6.1sp3sparc

Node

sunjava_system_web_serverMatch6.1sp10x86

sunjava_system_web_serverMatch6.1sp4x86

sunjava_system_web_serverMatch6.1sp48x86

sunjava_system_web_serverMatch6.1sp5x86

sunjava_system_web_serverMatch6.1sp6x86

sunjava_system_web_serverMatch6.1sp7x86

sunjava_system_web_serverMatch6.1sp9x86

sunone_web_serverMatch6.1x86

sunone_web_serverMatch6.1sp1x86

sunone_web_serverMatch6.1sp2x86

sunone_web_serverMatch6.1sp3x86

CPENameOperatorVersion
sun:java_system_web_serversun java system web servereq6.1
sun:one_web_serversun one web servereq6.1

CPE	Name	Operator	Version
sun:java_system_web_server	sun java system web server	eq	6.1
sun:one_web_server	sun one web server	eq	6.1

References

osvdb.org/54872

secunia.com/advisories/35338

sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1

sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1

support.avaya.com/elmodocs2/security/ASA-2009-211.htm

www.securityfocus.com/bid/35204

www.securitytracker.com/id?1022334

www.vupen.com/english/advisories/2009/1500

exchange.xforce.ibmcloud.com/vulnerabilities/50951

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVE-2009-1934

nessus10 openvas4 nvd1 prion1 cvelist1