662 matches found

CVE
added 2007/08/09 9:0 p.m. | 49 views

CVE-2007-4289

The connected records indicate CVE-2007-4289 is related to improper handling of XSLT stylesheets in XML signatures, affecting Sun Java System Access Manager 6.3–7.1 and Sun Java System Identity Server 6.1–6.2, where crafted XSLT transforms could allow context-dependent attackers to execute arbitr...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.00832
Exploits: 0 | References: 7 | Affected Software: 1

Prion
added 2007/08/07 10:17 a.m. | 20 views

CRLF injection

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function SAF uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote...

CVSS: 7.5 | AI score: 7 | EPSS: 0.01527
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2007/08/07 10:17 a.m. | 14 views

CVE-2007-4164

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function SAF uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.01527
Exploits: 0 | References: 6

CVE
added 2007/08/07 10:0 a.m. | 49 views

CVE-2007-4164

CVE-2007-4164 affects Sun Java System Web Server 6.1 and 7.0; CRLF injection in the redirect SAF when url-prefix is used (escape disabled) or Error directive uses url-prefix in obj.conf, enabling remote HTTP header injection/response splitting. Affected products require patches: Web Server 6.1 pa...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.01527
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2007/07/26 7:30 p.m. | 10 views

CVE-2007-4025

Unspecified vulnerability in Sun Java System SJS Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00815
Exploits: 0 | References: 8

Prion
added 2007/07/26 7:30 p.m. | 12 views

Code injection

Unspecified vulnerability in Sun Java System SJS Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors...

CVSS: 4.3 | AI score: 7.3 | EPSS: 0.00815
Exploits: 0 | References: 8 | Affected Software: 1

Cvelist
added 2007/07/26 7:0 p.m. | 14 views

CVE-2007-4025

Unspecified vulnerability in Sun Java System SJS Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors...

AI score: 6.8 | EPSS: 0.00815
Exploits: 0 | References: 8

seebug.org
added 2007/07/13 12:0 a.m. | 13 views

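Sun Java System Access Manager Password Information Disclosure Vulnerability

Sun Java System Access Manager is a powerful, interoperable, standards-based authentication and authorization solution that provides enterprises with identity federation. Sun Java System Access Manager contains a design error that local attackers can exploit to obtain sensitive user password information. When the debug level of Sun Java System Access Manager is set to "message", login passwords are logged in cleartext and can therefore be read by local unprivileged users. Sun Java System Access Manager 6.2 2004Q2 Solaris x Sun Java System Access Manager 6.2...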

AI score: 7.1
Exploits: 0

seebug.org
added 2007/07/12 12:0 a.m. | 20 views

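Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability

BUGTRAQ ID: 24850 CNCAN ID:CNCAN-2007071110 Sun Java System Application Server and Sun Java System Web Server are application server and web server programs. Sun Java System Application Server and Sun Java System Web Server do not correctly process XSLT stylesheets contained in XSLT transforms in XML signatures; remote attackers can exploit this vulnerability to execute arbitrary Java methods. Sun Java System Web Server 7.0 Sun Java System Application...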

AI score: 6.9
Exploits: 0

NVD
added 2007/07/11 11:30 p.m. | 20 views

CVE-2007-3700

Sun Java System Access Manager formerly Java System Identity Server before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading...

CVSS: 1.7 | AI score: 6.3 | EPSS: 0.00061
Exploits: 0 | References: 8

Cvelist
added 2007/07/11 11:0 p.m. | 21 views

CVE-2007-3700

Sun Java System Access Manager formerly Java System Identity Server before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading...

AI score: 6.3 | EPSS: 0.00061
Exploits: 0 | References: 8

Cvelist
added 2007/07/11 11:0 p.m. | 22 views

CVE-2007-3715

Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716...

AI score: 9.4 | EPSS: 0.01259
Exploits: 0 | References: 12

NVD
added 2007/06/14 11:30 p.m. | 14 views

CVE-2007-3225

Unspecified vulnerability in Sun Java System Directory Server slapd 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors...

CVSS: 6.4 | AI score: 6.6 | EPSS: 0.00979
Exploits: 0 | References: 7

Prion
added 2007/06/14 11:30 p.m. | 15 views

Code injection

Unspecified vulnerability in Sun Java System Directory Server slapd 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors...

CVSS: 6.4 | AI score: 6.9 | EPSS: 0.00979
Exploits: 0 | References: 7 | Affected Software: 1

CVE
added 2007/06/14 11:0 p.m. | 46 views

CVE-2007-3225

Sun Java System Directory Server (slapd) 6.0 and 5.2 with Patch 3 or 4 are affected by CVE-2007-3225. The vulnerability allows remote attackers to modify certain data via unknown vectors. The available documents do not specify the exact component/function/file/root cause, nor provide a confirmed ...

CVSS: 6.4 | AI score: 6.6 | EPSS: 0.00979
Exploits: 0 | References: 7 | Affected Software: 1

Tenable Nessus
added 2007/06/05 12:0 a.m. | 11 views

Solaris 5.8 (x86) : 120982-18

Sun Java System Web Proxy Server 4.0.11, x86 SVR4 patch: Mainte. Date this patch was last updated by Sun : Aug/04/09 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network...

AI score: 0.3
Exploits: 0 | References: 1

Tenable Nessus
added 2007/06/04 12:0 a.m. | 13 views

Solaris 5.10 (x86) : 120982-18

Sun Java System Web Proxy Server 4.0.11, x86 SVR4 patch: Mainte. Date this patch was last updated by Sun : Aug/04/09 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network...

AI score: 7
Exploits: 0 | References: 1

Tenable Nessus
added 2007/06/04 12:0 a.m. | 7 views

Solaris 5.8 (sparc) : 120981-18

Sun Java System Web Proxy Server 4.0.11, Solaris SVR4 patch: Mai. Date this patch was last updated by Sun : Aug/04/09 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network...

AI score: 0.3
Exploits: 0 | References: 1

Prion
added 2007/05/30 10:30 a.m. | 21 views

Cross site scripting

Cross-site scripting XSS vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.03898
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2007/05/30 10:0 a.m. | 51 views

CVE-2007-2904

Sun Java System Messaging Server 6.0–6.3 is affected by CVE-2007-2904, a cross-site scripting (XSS) vulnerability exploitable via unspecified vectors when using Internet Explorer. The issue allows remote attackers to inject arbitrary web script or HTML. The vulnerability is related to CVE-2006-56...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00321
Exploits: 0 | References: 3 | Affected Software: 1