22 matches found
CVE-2010-0386
CVE-2010-0386 affects Sun Java System Application Server 7 and 7 2004Q2. The default configuration enables HTTP TRACE, which lets remote attackers steal cookies and authentication credentials via cross-site tracing (XST); related to CVE-2004-2763 and CVE-2005-3398. The connected documents provide the v...
CVE-2011-0807
CVE-2011-0807 affects Oracle GlassFish Server and Sun Java System Application Server. The connected documents describe an authentication bypass vulnerability that can lead to remote code execution when an attacker bypasses authentication and deploys and executes a malicious WAR, particularly on GlassFish 2.x, ...
CVE-2004-0826
CVE-2004-0826 affects the Netscape Network Security Services (NSS) library’s SSLv2 record parsing. The issue is a heap-based buffer overflow triggered by a modified record length field in an SSLv2 client hello, allowing a remote attacker to execute arbitrary code. Multiple advisories and OpenVAS ...
CVE-2009-0278
CVE-2009-0278 affects Sun Java System Application Server (AS) 8.1 and 8.2. A remote attacker can read Web Application configuration files in WEB-INF or META-INF via a malformed request, exposing sensitive information. Connected sources indicate vendor patches exist (e.g., SunSolve documents such ...
CVE-2007-3715
CVE-2007-3715 affects Sun Java System Application Server and Web Server (7.0–9.0 prior to 20070710). The issue arises in XSLT transforms used in XML signatures, where an attacker could craft a stylesheet to trigger a context-dependent Java method execution, enabling remote code execution. The des...
CVE-2012-3155
The CVE-2012-3155 entry concerns an unspecified DoS vulnerability in the CORBA ORB subcomponent affecting Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1/3.1.2, and Sun Java System Application Server 8.1/8.2. The flaw targets the CORBA ORB component and is described as allowi...
CVE-2006-2501
CVE-2006-2501 describes a cross-site scripting (XSS) vulnerability in multiple Sun web/server products (Sun ONE Web Server 6.0 SP9 and earlier; Sun Java System Web Server 6.1 SP4 and earlier; Sun ONE Application Server 7 Update 6 and earlier; Java System Application Server 7 2004Q2 Update 2 and e...
CVE-2008-5266
CVE-2008-5266 is an XSS in GlassFish 2 UR2 webadmin (configuration/httpListenerEdit.jsf) of Sun Java System Application Server 9.1_01 (build b09d-fcs) and 9.1_02 (build b04-fcs). Remote attackers can inject arbitrary script via the name parameter. CVSS v2 base score 4.3 (AV:N/AC:M/Au:N/I:P/C:N/A:...
CVE-2006-3921
Summary (CVE-2006-3921): Affects Sun Java System Application Server (SJSAS) 7–8.1 and Web Server (SJSWS) 6.0–6.1. The issue permits remote authenticated users to read files outside the “document root” via a direct request using a UTF-8 encoded URI. The NVD entry lists a Medium base score (AV:N/AC...
CVE-2008-2751
CVE-2008-2751 concerns multiple XSS vulnerabilities in the GlassFish 2 Sun Java System Application Server 9.1_01 webadmin interface. The disclosed vectors affect the JSF pages (resourceNode, applications, etc.) via numerous form fields (e.g., jndiProp, resTypeProp, factoryClassProp, descProp, nam...
CVE-2006-6276
Sun Java System Proxy Server versions prior to 20061130 are affected by an HTTP request smuggling vulnerability when used with Sun Java System Application Server or Sun Java System Web Server. Exploitation could bypass HTTP request filtering, enable web session hijacking, permit cross-site script...
CVE-2005-4046
The CVE-2005-4046 entry affects the Reverse SSL Proxy Plug-in used with Sun Java System Application Server Standard Edition 7 (2004Q2), Application Server Enterprise Edition 8.1 (2005Q1), and Sun ONE Application Server 7 Standard Edition. The vulnerability is unspecified but allows remote attacke...
CVE-2004-2216
Technical details about CVE-2004-2216 are not publicly available in the provided documents. Monitor for updates from additional sources; no specific affected products, root cause, or remediation are disclosed here.
CVE-2007-5153
Technical details about CVE-2007-5153 are not publicly available in the provided documents; affected products, impact, and remediation specifics are not disclosed. Monitor for updates from official sources.
CVE-2007-4025
CVE-2007-4025 affects Sun Java System Application Server (SJS) 8.1–9.0 prior to 20070724 on Windows. It allows remote attackers to obtain JSP source code via unspecified vectors. The connected documents do not specify root cause, explicit exploit method, or a fix/remediation. No remediation detai...
CVE-2007-5152
Summary: CVE-2007-5152 affects Sun Java System Access Manager 7.1 when installed in a Sun Java System Application Server 9.1 container. The issue is that authentication is not required after a container restart, enabling remote attackers to perform administrative tasks. The vulnerability is evide...
CVE-2005-4805
Technical details about CVE-2005-4805 are not publicly available in the provided documents; no specifics on affected product versions, vectors, or fixes are provided. Monitor for updates.
CVE-2007-4511
The CVE-2007-4511 issue affects Sun Admin Console in Sun Application Server 9.0_0.1. The root problem is that configuration changes are not persisted, causing the SSL and SSL_MutualAuth ORB listener services to enable all protocols and ciphers after a restart. This can allow remote attackers to b...
CVE-2005-0742
CVE-2005-0742 describes a cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7. The issue allows remote attackers to inject arbitrary web script or HTML via unknown vectors, potentially affecting the integrity of user data. The cited NVD metrics indicate a low to mediu...
CVE-2005-4804
Technical details about CVE-2005-4804 are not publicly available in the provided documents. Monitor for updates.
CVE-2008-2120
CVE-2008-2120 is an information-disclosure vulnerability in Sun Java System Application Server 7 (2004Q2) before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 that allows remote attackers to obtain the source code of JSP files via unknown vectors. Affected components are...
CVE-2006-3225
CVE-2006-3225 describes a cross-site scripting (XSS) vulnerability affecting Sun ONE Application Server 7 before Update 9, Java System Application Server 7 (2004Q2) before Update 5, and Java System Application Server Enterprise Edition 8.1 (2005 Q1). The issue allows remote attackers to inject ar...