Lucene search

[email protected]NVD:CVE-2006-6276

HistoryDec 04, 2006 - 11:28 a.m.

CVE-2006-6276

2006-12-0411:28:00

CWE-444

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

High

EPSS

0.015

Percentile

87.2%

JSON

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.

Affected configurations

Nvd

Node

sunjava_system_application_serverMatch7.0

sunjava_system_application_serverMatch8.1

sunjava_system_web_proxy_serverMatch-

sunjava_system_web_proxy_serverMatch3.6

sunjava_system_web_proxy_serverMatch4.0

sunjava_system_web_serverMatch6.0

sunjava_system_web_serverMatch6.1

sunone_application_serverMatch7.0

VendorProductVersionCPE
sunjava_system_application_server7.0cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*
sunjava_system_application_server8.1cpe:2.3:a:sun:java_system_application_server:8.1:*:*:*:*:*:*:*
sunjava_system_web_proxy_server-cpe:2.3:a:sun:java_system_web_proxy_server:-:*:*:*:*:*:*:*
sunjava_system_web_proxy_server3.6cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:*:*:*:*:*:*
sunjava_system_web_proxy_server4.0cpe:2.3:a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*
sunjava_system_web_server6.0cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*
sunone_application_server7.0cpe:2.3:a:sun:one_application_server:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	java_system_application_server	7.0	cpe:2.3:a:sun:java_system_application_server:7.0:::::::*
sun	java_system_application_server	8.1	cpe:2.3:a:sun:java_system_application_server:8.1:::::::*
sun	java_system_web_proxy_server	-	cpe:2.3:a:sun:java_system_web_proxy_server:-:::::::*
sun	java_system_web_proxy_server	3.6	cpe:2.3:a:sun:java_system_web_proxy_server:3.6:::::::*
sun	java_system_web_proxy_server	4.0	cpe:2.3:a:sun:java_system_web_proxy_server:4.0:::::::*
sun	java_system_web_server	6.0	cpe:2.3:a:sun:java_system_web_server:6.0:::::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:::::::*
sun	one_application_server	7.0	cpe:2.3:a:sun:one_application_server:7.0:::::::*

References

secunia.com/advisories/23186

securitytracker.com/id?1017322

securitytracker.com/id?1017323

securitytracker.com/id?1017324

sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1

www.securityfocus.com/bid/21371

www.vupen.com/english/advisories/2006/4793

exchange.xforce.ibmcloud.com/vulnerabilities/30662

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

High

EPSS

0.015

Percentile

87.2%

JSON

Related for NVD:CVE-2006-6276

cvelist1 cve1