99 matches found
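Sun Java System Web Server Advanced Search Mechanism Cross-Site Scripting Vulnerability
BUGTRAQ ID: 29355 Sun Java System Web Server is a high-performance web server. The advanced search mechanism of Sun Java System Web Server does not properly filter certain user input; a remote unprivileged user can carry out a cross-site scripting attack by submitting a malicious search request, causing arbitrary JavaScript commands to execute in the user's client-side web browser, which may allow the remote user to steal cookie information, hijack sessions, or cause a loss of data confidentiality. Sun Java System Web Server 7.0 Update 2 Sun Java System Web Server 7.0 Update 1 Sun Java System Web Server 7...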
CVE-2008-2166
Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp...
CVE-2007-6572
CVE-2007-6572 is an XSS vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1. It allows remote attackers to inject arbitrary web script or HTML via unspecified vectors (BugID 6566204). Affected components: Sun Java System Web Server 6.1 (pre-SP8) and 7.0 (pre-Update ...
CRLF injection
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote...
CVE-2007-4164
CVE-2007-4164 affects Sun Java System Web Server 6.1 and 7.0; CRLF injection in the redirect SAF when url-prefix is used (escape disabled) or Error directive uses url-prefix in obj.conf, enabling remote HTTP header injection/response splitting. Affected products require patches: Web Server 6.1 pa...
CVE-2007-4164
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote...
Code injection
Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application...
CVE-2007-1488
Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application...
Sun Network Security Services (NSS) vulnerable to DoS due to an unspecified vulnerability
Overview The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. Description The Sun One Application Server provides a Java 2 Platform for delivering Java...
CVE-2006-6276
Sun Java System Proxy Server versions prior to 20061130 are affected by an HTTP request smuggling vulnerability when used with Sun Java System Application Server or Sun Java System Web Server. Exploitation could bypass HTTP request filtering, enable web session hijacking, permit cross-site script...
CVE-2006-5654
CVE-2006-5654 concerns the NSS component used by Sun Java System Web Server 6.0 (pre-SP10) and ONE Application Server 7 (pre-Update 3) when SSLv2 is enabled, allowing remote authenticated users to cause a denial of service. Connected documents indicate related NSS issues (e.g., CVE-2006-5201) and...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and...
CVE-2006-2501
Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and...
CVE-2006-2501
CVE-2006-2501 describes a cross-site scripting (XSS) vulnerability in multiple Sun web/server products (Sun ONE Web Server 6.0 SP9 and earlier; Sun Java System Web Server 6.1 SP4 and earlier; Sun ONE Application Server 7 Update 6 and earlier; Java System Application Server 7 2004Q2 Update 2 and e...
[SA20147] Sun ONE/Java System Web Server Cross-Site Scripting Vulnerability
TITLE: Sun ONE/Java System Web Server Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA20147 VERIFY ADVISORY: http://secunia.com/advisories/20147/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Sun Java System Application Server Sun ONE 7.x...
CVE-2004-2216
Technical details about CVE-2004-2216 are not publicly available in the provided documents. Monitor for updates from additional sources; no specific affected products, root cause, or remediation are disclosed here.
CVE-2003-0413
Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" erro...
CVE-2003-0413
CVE-2003-0413 describes a cross-site scripting (XSS) vulnerability in the webapps-simple sample application used with Sun ONE Application Server 7.0 (Windows 2000/XP) or Sun Java System Web Server 6.1. The issue allows remote attackers to inject arbitrary web script/HTML via an HTTP request that ...