Sun Java System Web Server

32 matches found

CVE | added 2010/01/20 4:0 p.m. | 113 views

CVE-2010-0361

CVE-2010-0361 affects Sun Java System Web Server (SJWS) 7.0 Update 7, specifically the WebDAV handler: a stack-based buffer overflow in the WebDAV implementation of webservd can be triggered by a long URI in an HTTP OPTIONS request. Public exploit code and reports indicate remote attacker can cau...

CVSS 10 | AI score 7.4 | EPSS 0.80521
Web

CVE | added 2007/07/11 11:0 p.m. | 92 views

CVE-2007-3715

CVE-2007-3715 affects Sun Java System Application Server and Web Server (7.0–9.0 prior to 20070710). The issue arises in XSLT transforms used in XML signatures, where an attacker could craft a stylesheet to trigger a context-dependent Java method execution, enabling remote code execution. The des...

CVSS 9.3 | AI score 6.6 | EPSS 0.02288

CVE | added 2009/08/07 6:33 p.m. | 75 views

CVE-2009-2713

Sun Java System Access Manager 7.0 (2005Q4) and 7.1 with Cross Domain Single Sign On enabled is affected by CVE-2009-2713. The issue is that the CDCServlet component does not ensure policy advice is presented to the correct client, enabling potential information disclosure via unspecified vectors...

CVSS 4.3 | AI score 5.9 | EPSS 0.0171

CVE | added 2009/06/05 3:25 p.m. | 72 views

CVE-2009-1934

Sun Java System Web Server 6.1 (Reverse Proxy Plug-in) is vulnerable to an XSS issue (CVE-2009-1934) in scenarios that trigger a 502 Gateway error. The vulnerability affects the Reverse Proxy Plug-in before SP11, allowing remote attackers to inject arbitrary script via the query string. The avail...

CVSS 4.3 | AI score 5.5 | EPSS 0.02235

CVE | added 2010/01/08 5:0 p.m. | 70 views

CVE-2010-0273

Affected product/versions: Sun Java System Web Server 7.0 Update 7 (and related disclosures mentioning 7.0 Update 6/7). Vulnerability/root cause: Remote attackers can overwrite heap memory and read memory contents by sending a malformed HTTP TRACE request containing a long URI and many empty head...

CVSS 7.5 | AI score 7.7 | EPSS 0.03573

CVE | added 2010/01/20 4:0 p.m. | 70 views

CVE-2010-0360

The Sun Java System Web Server 7.0 Update 7 contains a heap-based memory overflow in the HTTP TRACE path. Specifically, a malformed TRACE request with a long URI and many empty headers can cause heap corruption and expose memory contents, enabling remote attackers to overwrite and read heap memor...

CVSS 10 | AI score 6 | EPSS 0.03138

CVE | added 2006/05/20 2:59 a.m. | 68 views

CVE-2006-2501

CVE-2006-2501 describes a cross-site scripting (XSS) vulnerability in multiple Sun web/server products (Sun ONE Web Server 6.0 SP9 and earlier; Sun Java System Web Server 6.1 SP4 and earlier; Sun ONE Application Server 7 Update 6 and earlier; Java System Application Server 7 2004Q2 Update 2 and e...

CVSS 6.8 | AI score 5.9 | EPSS 0.03398

CVE | added 2010/01/25 7:0 p.m. | 68 views

CVE-2010-0387

Summary: CVE-2010-0387 affects Sun Java System Web Server 7.0 Update 7 and is caused by multiple heap-based buffer overflows in webservd and the admin server. The issue can be triggered by a long value in the Authorization: Digest HTTP header, leading to a denial of service via daemon crash and p...

CVSS 7.5 | AI score 7.5 | EPSS 0.077

CVE | added 2009/08/07 6:33 p.m. | 65 views

CVE-2009-2712

CVE-2009-2712 affects Sun Java System Access Manager (6.3/2005Q1, 7.0/2005Q4, 7.1) and OpenSSO/OpenSSO Enterprise 8.0. When AMConfig.properties enables the debug flag, local users can read debug files and discover cleartext passwords (information disclosure; confidentiality impact). Patch referen...

CVSS 2.1 | AI score 6 | EPSS 0.0037

CVE | added 2006/07/28 11:0 p.m. | 63 views

CVE-2006-3921

Summary (CVE-2006-3921): Affects Sun Java System Application Server (SJSAS) 7–8.1 and Web Server (SJSWS) 6.0–6.1. The issue permits remote authenticated users to read files outside the “document root” via a direct request using a UTF-8 encoded URI. The NVD entry lists a Medium base score (AV:N/AC...

CVSS 4 | AI score 6.1 | EPSS 0.02094

CVE | added 2007/03/20 8:0 p.m. | 62 views

CVE-2007-1526

CVE-2007-1526 affects Sun Java System Web Server 6.1 prior to 20070314. The flaw allows remote authenticated users with revoked client certificates to bypass CRL checks and access secure web server instances running under a different admin account via unspecified vectors. Remediation in the conne...

CVSS 6 | AI score 6.2 | EPSS 0.00908

CVE | added 2009/07/13 5:0 p.m. | 61 views

CVE-2009-2445

The CVE-2009-2445 issue affects Oracle iPlanet Web Server (formerly Sun Java System Web Server) on Windows, specifically 6.1 before SP12 and 7.0 through Update 6. The vulnerability permits remote attackers to disclose arbitrary JSP files by exploiting an alternate data stream syntax (for example,...

CVSS 5 | AI score 6.6 | EPSS 0.02521

CVE | added 2006/12/04 11:0 a.m. | 60 views

CVE-2006-6276

Sun Java System Proxy Server versions prior to 20061130 are affected by an HTTP request smuggling vulnerability when used with Sun Java System Application Server or Sun Java System Web Server. Exploitation could bypass HTTP request filtering, enable web session hijacking, permit cross-site script...

CVSS 6.8 | AI score 6.5 | EPSS 0.03498

CVE | added 2010/01/08 5:0 p.m. | 60 views

CVE-2010-0272

CVE-2010-0272 is discussed across multiple sources as a Sun Java System Web Server 7.0–era issue. Connected Red Hat data ties CVE-2010-0360 to a heap-overflow condition caused by a malformed HTTP TRACE request that can overwrite and reveal memory contents, suggesting a related memory-overwrite vu...

CVSS 7.5 | AI score 7 | EPSS 0.02538

CVE | added 2010/01/25 7:0 p.m. | 59 views

CVE-2010-0389

CVE-2010-0389 affects Sun Java System Web Server 7.0 Update 6 (admin server). The vulnerability is a NULL pointer dereference in the admin server that can be triggered by an HTTP request missing a method token, leading to a denial of service (daemon crash). OpenVAS/OpenVAS-derived entries and Red...

CVSS 5 | AI score 6.7 | EPSS 0.01741

CVE | added 2007/03/16 9:0 p.m. | 57 views

CVE-2007-1488

CVE-2007-1488 concerns Sun Java System Web Server 6.0 and 6.1 prior to 20070315. The initial description marks the vulnerability as unspecified and notes that remote attackers could gain unauthorized access to data (potentially involving a sample application). The connected documents confirm the ...

CVSS 7.5 | AI score 6.5 | EPSS 0.02617

CVE | added 2010/01/25 7:0 p.m. | 56 views

CVE-2010-0388

CVE-2010-0388 affects Sun Java System Web Server 7.0 Update 6 WebDAV/WEB service (webservd). The issue is a format string vulnerability in the XML declaration encoding attribute in PROPFIND requests within WebDAV, allowing remote attackers to trigger a daemon crash (DoS) and potentially other imp...

CVSS 7.5 | AI score 7.2 | EPSS 0.07184

CVE | added 2007/08/07 10:0 a.m. | 55 views

CVE-2007-4164

CVE-2007-4164 affects Sun Java System Web Server 6.1 and 7.0; CRLF injection in the redirect SAF when url-prefix is used (escape disabled) or Error directive uses url-prefix in obj.conf, enabling remote HTTP header injection/response splitting. Affected products require patches: Web Server 6.1 pa...

CVSS 7.5 | AI score 6.6 | EPSS 0.02465

CVE | added 2007/12/28 9:0 p.m. | 55 views

CVE-2007-6571

CVE-2007-6571 describes a cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected product/version: Sun Java System Web Proxy Server 3.6 prior to SP11...

CVSS 4.3 | AI score 5.8 | EPSS 0.01659

CVE | added 2005/07/17 4:0 a.m. | 54 views

CVE-2004-2216

Technical details about CVE-2004-2216 are not publicly available in the provided documents. Monitor for updates from additional sources; no specific affected products, root cause, or remediation are disclosed here.

CVSS 5 | AI score 7 | EPSS 0.01637

CVE | added 2007/12/28 9:0 p.m. | 53 views

CVE-2007-6570

CVE-2007-6570 describes a Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server’s View URL Database functionality. Affected software versions are Sun Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11. The vulnerability allows remote attackers to inject arbitrary web...

CVSS 4.3 | AI score 5.8 | EPSS 0.02235

CVE | added 2008/06/03 2:0 p.m. | 53 views

CVE-2008-2518

CVE-2008-2518 is an XSS vulnerability in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3, affecting the advanced search (webapps/search/advanced.jsp). The underlying issue is an HTML/script injection via unspecified vectors (likely related to the next parameter). Exploitation de...

CVSS 4.3 | AI score 5.5 | EPSS 0.01875
Web

CVE | added 2000/10/18 4:0 a.m. | 52 views

CVE-2000-0812

The CVE-2000-0812 entry concerns Sun Java Web Server; the admin module is vulnerable to remote code execution. An attacker can upload Java code to the module and trigger the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL starting with /servlet/, enabling execution of arbitra...

CVSS 10 | AI score 8.2 | EPSS 0.0601
Web

CVE | added 2006/11/03 12:0 a.m. | 52 views

CVE-2006-5654

CVE-2006-5654 concerns the NSS component used by Sun Java System Web Server 6.0 (pre-SP10) and ONE Application Server 7 (pre-Update 3) when SSLv2 is enabled, allowing remote authenticated users to cause a denial of service. Connected documents indicate related NSS issues (e.g., CVE-2006-5201) and...

CVSS 4 | AI score 6 | EPSS 0.02044

CVE | added 2007/12/28 9:0 p.m. | 51 views

CVE-2007-6569

Sun Java System Web Proxy Server 4.x (and Web Server) are vulnerable to cross-site scripting in the View Error Log/related log-viewing function (BugID 6566246). The JVN entry confirms the issue is a client-side script injection via unspecified vectors, affecting the Web Server and Web Proxy Serve...

CVSS 4.3 | AI score 5.8 | EPSS 0.01875

CVE | added 2008/05/13 8:14 p.m. | 51 views

CVE-2008-2166

CVE-2008-2166 affects Sun Java System Web Server 6.1 (pre-SP9) and 7.0 (pre-Update 2). The issue is a cross-site scripting vulnerability in the Search module (index.jsp) caused by insufficient input sanitization, enabling remote injection of arbitrary script/HTML. The connected documents provide ...

CVSS 4.3 | AI score 5.4 | EPSS 0.01875

CVE | added 2009/11/05 4:0 p.m. | 51 views

CVE-2009-3878

The CVE refers to a buffer overflow in Sun Java System Web Server 7.0 Update 6. The connected OpenVAS entries confirm Windows and Linux variants of a Sun Java System Web Server Buffer Overflow vulnerability (CPE: s sun java_system_web_server). The root cause is a buffer overflow in the server com...

CVSS 9.3 | AI score 6.8 | EPSS 0.02454

CVE | added 2000/08/03 4:0 a.m. | 50 views

CVE-2000-0629

The CVE-2000-0629 issue affects Sun Java Web Server 2.0 and earlier, where the default installation includes the bboard servlet (/servlet/sunexamples.BBoardServlet) that has a well-known vulnerability allowing an attacker to execute arbitrary commands with the web server’s privileges. This is tri...

CVSS 7.5 | AI score 7.9 | EPSS 0.0369

CVE | added 2007/12/28 9:0 p.m. | 49 views

CVE-2007-6572

CVE-2007-6572 is an XSS vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1. It allows remote attackers to inject arbitrary web script or HTML via unspecified vectors (BugID 6566204). Affected components: Sun Java System Web Server 6.1 (pre-SP8) and 7.0 (pre-Update ...

CVSS 4.3 | AI score 5.8 | EPSS 0.01659

CVE | added 2008/05/09 3:0 p.m. | 47 views

CVE-2008-2120

CVE-2008-2120 is an information-disclosure vulnerability in Sun Java System Application Server 7 (2004Q2) before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 that allows remote attackers to obtain the source code of JSP files via unknown vectors. Affected components are...

CVSS 5 | AI score 6.8 | EPSS 0.02238

CVE | added 2005/04/16 4:0 a.m. | 45 views

CVE-2005-1150

The CVE-2005-1150 entry describes an unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier when running on Windows, which can allow an attacker to cause a denial of service (hang). The available connected records corroborate the affected product and Windows-based DoS impact but ...

CVSS 5 | AI score 6.8 | EPSS 0.01792

CVE | added 2005/06/08 4:0 a.m. | 45 views

CVE-2005-1889

Technical details about CVE-2005-1889 are not provided in the supplied documents; no concrete information on affected versions, root cause, or remediation is available here.

CVSS 5 | AI score 6.9 | EPSS 0.00989