Java System Web Server Security Vulnerabilities and Issues — Java System Web Server CVE List

Lucene search

SunJava System Web Server

10 matches found

CVE•added 2009/08/07 7:0 p.m.•60 views

CVE-2009-2713

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.

4.3CVSS5.9AI score0.00417EPSS

CVE•added 2009/06/05 4:0 p.m.•49 views

CVE-2009-1934

Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.

4.3CVSS5.5AI score0.00603EPSS

CVE•added 2006/07/28 11:4 p.m.•44 views

CVE-2006-3921

Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.

4CVSS6.1AI score0.00749EPSS

CVE•added 2007/12/28 9:46 p.m.•44 views

CVE-2007-6571

Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.

4.3CVSS5.8AI score0.00293EPSS

CVE•added 2006/11/03 12:7 a.m.•41 views

CVE-2006-5654

Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE: due ...

4CVSS6AI score0.03819EPSS

CVE•added 2007/12/28 9:46 p.m.•39 views

CVE-2007-6569

Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.

4.3CVSS5.8AI score0.00529EPSS

CVE•added 2007/12/28 9:46 p.m.•39 views

CVE-2007-6570

Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.

4.3CVSS5.8AI score0.00723EPSS

CVE•added 2008/06/03 2:32 p.m.•39 views

CVE-2008-2518

Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter...

4.3CVSS5.5AI score0.00529EPSS

CVE•added 2007/12/28 9:46 p.m.•38 views

CVE-2007-6572

Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.

4.3CVSS5.8AI score0.00293EPSS

CVE•added 2008/05/13 8:20 p.m.•37 views

CVE-2008-2166

Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp.

4.3CVSS5.4AI score0.00529EPSS