Sun Java System Application Server Cross-Site Tracing Vulnerability

Sun Java System Application Server is prone to a cross-site tracing vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Sun Java System Application Server Cross Site Tracing Vulnerability

This host has Sun Java System Application Server running which is prone to Cross Site Tracing vulnerability. OpenVAS Vulnerability Test $Id: gbsunjavaappservxstvuln.nasl 5373 2017-02-20 16:27:48Z teissa $ Sun Java System Application Server Cross Site Tracing Vulnerability Authors: Veerendra G...

CVE-2010-0386

CVE-2010-0386 affects Sun Java System Application Server 7 and 7 2004Q2. The default config enables HTTP TRACE, enabling remote attackers to steal cookies and authentication credentials via cross-site tracing (XST); related to CVE-2004-2763 and CVE-2005-3398. The connected documents provide the v...

Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting

Overview Sun GlassFish Enterprise Server and Sun Java System Application Server from Sun Microsystems contain a cross-site scripting vulnerability. Sun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server...

Sun Java System Application Server Information Disclosure vulnerability

Java Application Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Sun Java System/ONE Application Server Detection (HTTP)

HTTP based detection of the Sun Java System/ONE Application Server. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2008-5266

Cross-site scripting XSS vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.101 build b09d-fcs and 9.102 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...

CVE-2008-5266

Cross-site scripting XSS vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.101 build b09d-fcs and 9.102 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...

CVE-2008-5266

Cross-site scripting XSS vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.101 build b09d-fcs and 9.102 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...

CVE-2008-5266

CVE-2008-5266 is an XSS in GlassFish 2 UR2 webadmin (configuration/httpListenerEdit.jsf) of Sun Java System Application Server 9.1_01 (build b09d-fcs) and 9.1_02 (build b04-fcs). Remote attackers can inject arbitrary script via the name parameter. CVSS v2 base score 4.3 (AV:N/AC:M/Au:N/I:P/C:N/A:...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the 1 propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, 2...

CVE-2008-2751

Multiple cross-site scripting XSS vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the 1 propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, 2...

CVE-2008-2751

Multiple cross-site scripting XSS vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the 1 propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, 2...

glassfish-xss.txt

============================== XSS - Glassfish Web Admin Interface Sun Java System Application Server 9.101 build b09d-fcs ============================== Author: Eduardo Neves a.k.a eth0 Date: 10 june 2008 Site: http://webappsecurity.wordpress.com ============================== APPLICATION :...

XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )

============================== XSS - Glassfish Web Admin Interface Sun Java System Application Server 9.101 build b09d-fcs ============================== Author: Eduardo Neves a.k.a eth0 Date: 10 june 2008 Site: http://webappsecurity.wordpress.com ============================== APPLICATION :...

Code injection

Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors...

Code injection

Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2006-6276

Sun Java System Proxy Server versions prior to 20061130 are affected by an HTTP request smuggling vulnerability when used with Sun Java System Application Server or Sun Java System Web Server. Exploitation could bypass HTTP request filtering, enable web session hijacking, permit cross-site script...

CVE-2006-3225

CVE-2006-3225 describes a cross-site scripting (XSS) vulnerability affecting Sun ONE Application Server 7 before Update 9, Java System Application Server 7 (2004Q2) before Update 5, and Java System Application Server Enterprise Edition 8.1 (2005 Q1). The issue allows remote attackers to inject ar...

CVE-2005-4805

Technical details about CVE-2005-4805 are not publicly available in the provided documents; no specifics on affected product versions, vectors, or fixes are provided. Monitor for updates.