Lucene search
K
SunOne Application Server

12 matches found

CVE
CVE
added 2004/09/02 4:0 a.m.161 views

CVE-2004-0826

CVE-2004-0826 affects the Netscape Network Security Services (NSS) library’s SSLv2 record parsing. The issue is a heap-based buffer overflow triggered by a modified record length field in an SSLv2 client hello, allowing a remote attacker to execute arbitrary code. Multiple advisories and OpenVAS ...

7.5CVSS7.7AI score0.22525EPSS
CVE
CVE
added 2006/05/20 2:59 a.m.72 views

CVE-2006-2501

CVE-2006-2501 describes a cross-site scripting (XSS) vulnerability in multiple Sun web/server products (Sun ONE Web Server 6.0 SP9 and earlier; Sun Java System Web Server 6.1 SP4 and earlier; Sun ONE Application Server 7 Update 6 and earlier; Java System Application Server 7 2004Q2 Update 2 and e...

6.8CVSS5.9AI score0.03398EPSS
CVE
CVE
added 2002/08/31 4:0 a.m.69 views

CVE-2002-1042

CVE-2002-1042 describes a directory traversal flaw in iPlanet Web Server 6.0 SP2, 4.1 SP9, and Netscape Enterprise Server 3.6 on Windows, allowing remote attackers to read arbitrary files via ..\ in the NS-query-pat parameter. Connected sources confirm the affected products and the vulnerable par...

5CVSS6.8AI score0.03854EPSS
CVE
CVE
added 2003/06/11 4:0 a.m.63 views

CVE-2003-0413

CVE-2003-0413 describes a cross-site scripting (XSS) vulnerability in the webapps-simple sample application used with Sun ONE Application Server 7.0 (Windows 2000/XP) or Sun Java System Web Server 6.1. The issue allows remote attackers to inject arbitrary web script/HTML via an HTTP request that ...

6.8CVSS6.1AI score0.06739EPSS
CVE
CVE
added 2006/12/04 11:0 a.m.62 views

CVE-2006-6276

Sun Java System Proxy Server versions prior to 20061130 are affected by an HTTP request smuggling vulnerability when used with Sun Java System Application Server or Sun Java System Web Server. Exploitation could bypass HTTP request filtering, enable web session hijacking, permit cross-site script...

6.8CVSS6.5AI score0.0361EPSS
CVE
CVE
added 2005/12/07 11:0 a.m.58 views

CVE-2005-4046

The CVE-2005-4046 entry affects the Reverse SSL Proxy Plug-in used with Sun Java System Application Server Standard Edition 7 (2004Q2), Application Server Enterprise Edition 8.1 (2005Q1), and Sun ONE Application Server 7 Standard Edition. The vulnerability is unspecified but allows remote attacke...

4CVSS7.1AI score0.017EPSS
CVE
CVE
added 2003/06/11 4:0 a.m.55 views

CVE-2003-0414

The CVE-2003-0414 entry describes a vulnerability in Sun ONE Application Server 7.0 on Windows 2000/XP where a generated statefile is created with world-readable permissions. This allows a local attacker to read the plaintext password stored in the statefile, enabling privilege escalation or unau...

7.2CVSS7.1AI score0.00377EPSS
CVE
CVE
added 2006/11/03 12:0 a.m.53 views

CVE-2006-5654

CVE-2006-5654 concerns the NSS component used by Sun Java System Web Server 6.0 (pre-SP10) and ONE Application Server 7 (pre-Update 3) when SSLv2 is enabled, allowing remote authenticated users to cause a denial of service. Connected documents indicate related NSS issues (e.g., CVE-2006-5201) and...

4CVSS6AI score0.02044EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.51 views

CVE-2004-1815

CVE-2004-1815 affects ColdFusion MX 6.0/6.1 and JRun 4.0 where a SOAP web service expecting an array of objects as an argument can trigger a denial of service via memory exhaustion. The connected advisory (CPAI-2004-114) indicates the issue involves how Apache Axis handles SOAP arrays within requ...

5CVSS6.7AI score0.01591EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.47 views

CVE-2002-0387

CVE-2002-0387 refers to a buffer overflow in the gxnsapi6.dll NSAPI plugin of the Sun ONE Application Server’s Connector Module. The overflow occurs when handling a long HTTP request URL, enabling a remote attacker to potentially execute arbitrary code on affected hosts. The issue affects Sun ONE...

7.5CVSS8AI score0.0317EPSS
CVE
CVE
added 2003/06/11 4:0 a.m.46 views

CVE-2003-0412

Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of long HTTP requests, which could allow remote attackers to hide malicious activities. The available documents do not provide a remediation or explicit exploit details.

5CVSS7.1AI score0.01733EPSS
CVE
CVE
added 2006/06/26 4:0 p.m.45 views

CVE-2006-3225

CVE-2006-3225 describes a cross-site scripting (XSS) vulnerability affecting Sun ONE Application Server 7 before Update 9, Java System Application Server 7 (2004Q2) before Update 5, and Java System Application Server Enterprise Edition 8.1 (2005 Q1). The issue allows remote attackers to inject ar...

2.6CVSS6.1AI score0.01946EPSS