Java System Application Server@7.0 Security Vulnerabilities and Issues — Java System Application Server@7.0 CVE List

Lucene search

SunJava System Application Server7.0

8 matches found

CVE•added 2010/01/25 7:30 p.m.•413 views

CVE-2010-0386

The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

4.3CVSS6.2AI score0.39542EPSS

CVE•added 2004/12/31 5:0 a.m.•142 views

CVE-2004-0826

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

7.5CVSS7.7AI score0.02995EPSS

CVE•added 2006/12/04 11:28 a.m.•45 views

CVE-2006-6276

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web ca...

6.8CVSS6.5AI score0.01141EPSS

CVE•added 2006/07/28 11:4 p.m.•44 views

CVE-2006-3921

Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.

4CVSS6.1AI score0.00749EPSS

CVE•added 2005/07/17 4:0 a.m.•41 views

CVE-2004-2216

Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.

5CVSS7AI score0.00796EPSS

CVE•added 2005/12/07 11:3 a.m.•41 views

CVE-2005-4046

Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct man-in-th...

4CVSS7.1AI score0.00437EPSS

CVE•added 2006/05/25 10:0 a.m.•33 views

CVE-2005-4805

Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors.

5CVSS7.2AI score0.0052EPSS

CVE•added 2005/05/02 4:0 a.m.•32 views

CVE-2005-0742

Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3CVSS5.9AI score0.00333EPSS