One Web Server@6.0 Security Vulnerabilities and Issues — One Web Server@6.0 CVE List

Lucene search

SunOne Web Server6.0

10 matches found

CVE•added 2004/12/31 5:0 a.m.•142 views

CVE-2004-0826

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

7.5CVSS7.7AI score0.02995EPSS

CVE•added 2009/06/01 10:30 p.m.•89 views

CVE-2004-2763

The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

5.8CVSS5.9AI score0.00408EPSS

CVE•added 2010/02/05 10:30 p.m.•56 views

CVE-2003-1579

Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing num...

4.3CVSS6.9AI score0.00224EPSS

CVE•added 2002/10/04 4:0 a.m.•54 views

CVE-2002-1042

Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.

5CVSS6.8AI score0.08581EPSS

CVE•added 2006/05/20 3:2 a.m.•52 views

CVE-2006-2501

Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and e...

6.8CVSS5.9AI score0.06441EPSS

CVE•added 2010/02/05 10:30 p.m.•40 views

CVE-2003-1577

Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in c...

2.6CVSS6AI score0.02076EPSS

CVE•added 2010/02/25 7:30 p.m.•40 views

CVE-2003-1589

Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors.

5CVSS6.7AI score0.00361EPSS

CVE•added 2010/02/25 7:30 p.m.•37 views

CVE-2003-1590

Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors.

5CVSS6.8AI score0.00436EPSS

CVE•added 2010/02/05 10:30 p.m.•35 views

CVE-2003-1578

Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning ...

4.3CVSS7AI score0.00285EPSS

CVE•added 2005/03/12 5:0 a.m.•32 views

CVE-2003-1126

Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service.

5CVSS7AI score0.01076EPSS