Lucene search

[email protected]NVD:CVE-2006-2501

HistoryMay 20, 2006 - 3:02 a.m.

CVE-2006-2501

2006-05-2003:02:00

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.9

Confidence

High

EPSS

0.015

Percentile

87.2%

JSON

Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.

Affected configurations

Nvd

Node

sunjava_system_application_serverRange≤7.0ur2enterprise

sunjava_system_application_serverRange≤7.0ur2standard

sunjava_system_web_serverRange≤6.1sp4

sunjava_system_web_serverMatch6.1

sunjava_system_web_serverMatch6.1sp1

sunjava_system_web_serverMatch6.1sp2

sunjava_system_web_serverMatch6.1sp3

sunone_application_serverRange≤7.0update_6platform

sunone_application_serverRange≤7.0update_6standard

sunone_application_serverMatch6.0

sunone_application_serverMatch6.0sp1

sunone_application_serverMatch6.0sp2

sunone_application_serverMatch7.0platform

sunone_application_serverMatch7.0standard

sunone_web_serverRange≤6.0sp9

sunone_web_serverMatch6.0sp3

sunone_web_serverMatch6.0sp4

sunone_web_serverMatch6.0sp5

sunone_web_serverMatch6.0sp7

sunone_web_serverMatch6.0sp8

VendorProductVersionCPE
sunjava_system_application_server*cpe:2.3:a:sun:java_system_application_server:*:ur2:enterprise:*:*:*:*:*
sunjava_system_application_server*cpe:2.3:a:sun:java_system_application_server:*:ur2:standard:*:*:*:*:*
sunjava_system_web_server*cpe:2.3:a:sun:java_system_web_server:*:sp4:*:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*
sunone_application_server*cpe:2.3:a:sun:one_application_server:*:update_6:platform:*:*:*:*:*
sunone_application_server*cpe:2.3:a:sun:one_application_server:*:update_6:standard:*:*:*:*:*
sunone_application_server6.0cpe:2.3:a:sun:one_application_server:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	java_system_application_server	*	cpe:2.3:a:sun:java_system_application_server::ur2:enterprise:::::
sun	java_system_application_server	*	cpe:2.3:a:sun:java_system_application_server::ur2:standard:::::
sun	java_system_web_server	*	cpe:2.3:a:sun:java_system_web_server::sp4::::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:::::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp1::::::
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp2::::::
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp3::::::
sun	one_application_server	*	cpe:2.3:a:sun:one_application_server::update_6:platform:::::
sun	one_application_server	*	cpe:2.3:a:sun:one_application_server::update_6:standard:::::
sun	one_application_server	6.0	cpe:2.3:a:sun:one_application_server:6.0:::::::*

Rows per page:

1-10 of 201

References

jvn.jp/jp/JVN%2303D5EAA8/index.html

secunia.com/advisories/20147

securitytracker.com/id?1016125

securitytracker.com/id?1016126

sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1

www.kb.cert.org/vuls/id/114956

www.securityfocus.com/bid/18035

www.vupen.com/english/advisories/2006/1866

exchange.xforce.ibmcloud.com/vulnerabilities/26550

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.9

Confidence

High

EPSS

0.015

Percentile

87.2%

JSON

Related for NVD:CVE-2006-2501

cvelist1 cert1 prion1 cve1