8 matches found
CVE-2007-3715
CVE-2007-3715 affects Sun Java System Application Server and Web Server (7.0–9.0 prior to 20070710). The issue arises in XSLT transforms used in XML signatures, where an attacker could craft a stylesheet to trigger a context-dependent Java method execution, enabling remote code execution. The des...
CVE-2007-1526
CVE-2007-1526 affects Sun Java System Web Server 6.1 prior to 20070314. The flaw allows remote authenticated users with revoked client certificates to bypass CRL checks and access secure web server instances running under a different admin account via unspecified vectors. Remediation in the conne...
CVE-2007-6571
CVE-2007-6571 describes a cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected product/version: Sun Java System Web Proxy Server 3.6 prior to SP11...
CVE-2007-1488
CVE-2007-1488 concerns Sun Java System Web Server 6.0 and 6.1 prior to 20070315. The initial description marks the vulnerability as unspecified and notes that remote attackers could gain unauthorized access to data (potentially involving a sample application). The connected documents confirm the ...
CVE-2007-4164
CVE-2007-4164 affects Sun Java System Web Server 6.1 and 7.0; CRLF injection in the redirect SAF when url-prefix is used (escape disabled) or Error directive uses url-prefix in obj.conf, enabling remote HTTP header injection/response splitting. Affected products require patches: Web Server 6.1 pa...
CVE-2007-6570
CVE-2007-6570 describes a Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server’s View URL Database functionality. Affected software versions are Sun Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11. The vulnerability allows remote attackers to inject arbitrary web...
CVE-2007-6569
Sun Java System Web Proxy Server 4.x (and Web Server) are vulnerable to cross-site scripting in the View Error Log/related log-viewing function (BugID 6566246). The JVN entry confirms the issue is a client-side script injection via unspecified vectors, affecting the Web Server and Web Proxy Serve...
CVE-2007-6572
CVE-2007-6572 is an XSS vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1. It allows remote attackers to inject arbitrary web script or HTML via unspecified vectors (BugID 6566204). Affected components: Sun Java System Web Server 6.1 (pre-SP8) and 7.0 (pre-Update ...