12 matches found
CVE-2004-0826
CVE-2004-0826 affects the Netscape Network Security Services (NSS) library’s SSLv2 record parsing. The issue is a heap-based buffer overflow triggered by a modified record length field in an SSLv2 client hello, allowing a remote attacker to execute arbitrary code. Multiple advisories and OpenVAS ...
CVE-2004-2763
The Red Hat and SUSE entries for CVE-2010-0386 describe the same class of issue as CVE-2004-2763: default installations of Sun Java System Application Server 7 enable the HTTP TRACE method, enabling cross-site tracing that can expose cookies and credentials. This is a related but distinct advisor...
CVE-2009-1934
Sun Java System Web Server 6.1 (Reverse Proxy Plug-in) is vulnerable to an XSS issue (CVE-2009-1934) in scenarios that trigger a 502 Gateway error. The vulnerability affects the Reverse Proxy Plug-in before SP11, allowing remote attackers to inject arbitrary script via the query string. The avail...
CVE-2006-2501
CVE-2006-2501 describes a cross-site scripting (XSS) vulnerability in multiple Sun web/server products (Sun ONE Web Server 6.0 SP9 and earlier; Sun Java System Web Server 6.1 SP4 and earlier; Sun ONE Application Server 7 Update 6 and earlier; Java System Application Server 7 2004Q2 Update 2 and e...
CVE-2003-1579
CVE-2003-1579 affects Sun ONE (iPlanet) Web Server 6 on Windows. When DNS resolution is enabled for client IPs, the logging format does not clearly indicate if a dotted quad is unresolved, enabling remote attackers to spoof IPs via crafted DNS responses containing numerical top-level domains (ILL...
CVE-2002-1042
CVE-2002-1042 describes a directory traversal flaw in iPlanet Web Server 6.0 SP2, 4.1 SP9, and Netscape Enterprise Server 3.6 on Windows, allowing remote attackers to read arbitrary files via ..\ in the NS-query-pat parameter. Connected sources confirm the affected products and the vulnerable par...
CVE-2005-2094
Sun SunONE web server 6.1 SP1 is affected by CVE-2005-2094. The vulnerability arises in HTTP request processing when a request contains both Transfer-Encoding: chunked and Content-Length headers, leading SunONE to mishandle and forward the request body as if it were a separate HTTP request. This ...
CVE-2003-1577
CVE-2003-1577 affects Sun ONE/iPlanet Web Server 4.1–SP12 and 6.0–SP5 when DNS resolution is enabled for client IPs. A crafted DNS response can be combined with an HTTP request to inject arbitrary text into server logs and trigger cross-site scripting (XSS) in the iPlanet Log Analyzer, via an Inv...
CVE-2003-1589
CVE-2003-1589 affects Sun ONE (iPlanet) Web Server on Windows, specifically versions 4.1 before SP13 and 6.0 before SP6. The vulnerability is described as unspecified and leads to a denial of service (daemon crash) via unknown vectors. The available references reiterate the DoS impact but do not ...
CVE-2003-1590
CVE-2003-1590 concerns Sun ONE (iPlanet) Web Server 6.0 SP3–SP5 on Windows, described as an unspecified vulnerability that allows remote attackers to trigger a denial of service (daemon crash) via unknown vectors. The available records do not specify the exact root cause, impacted subcomponents, ...
CVE-2003-1578
The CVE-2003-1578 entry concerns Sun ONE (iPlanet) Web Server 4.1–SP12 and 6.0–SP5 when DNS resolution is enabled for client IPs. The underlying issue, described as an Inverse Lookup Log Corruption (ILLC) vulnerability, allows remote attackers to hide HTTP requests from the log-preview functional...
CVE-2003-1126
CVE-2003-1126 affects Sun One/iPlanet Web Server running on Windows platforms with SP3–SP5. The vulnerability permits remote denial of service, as described in multiple sources. The connected documents provide the same general impact and do not specify affected product versions beyond SP3–SP5 or ...