This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Summuary
CPE Namecpe:/a:sun:java_system_application_server
Detail
VendorSunFirst view 2004-12-31
ProductJava System Application ServerLast view 2012-10-16
VersionTypeApplication
Edition 
Language 
Update 

Activity : Overall

COMMON PLATFORM ENUMERATION : Repartition per Version

CPE NameAffected CVE
cpe:/a:sun:java_system_application_server:9.1_02:b04-fcs1
cpe:/a:sun:java_system_application_server:9.1_011
cpe:/a:sun:java_system_application_server:9.1_01:b09d-fcs1
cpe:/a:sun:java_system_application_server:9.12
cpe:/a:sun:java_system_application_server:9.0_0.11
Hide | Show 48 More...
CPE NameAffected CVE
cpe:/a:sun:java_system_application_server:9.0::platform_x861
cpe:/a:sun:java_system_application_server:9.0::platform2
cpe:/a:sun:java_system_application_server:9.0::platform_linux1
cpe:/a:sun:java_system_application_server:9.0::platform_sparc1
cpe:/a:sun:java_system_application_server:9.0::platform_windows1
cpe:/a:sun:java_system_application_server:8.2::platform_linux1
cpe:/a:sun:java_system_application_server:8.2::platform_sparc1
cpe:/a:sun:java_system_application_server:8.2::platform_windows1
cpe:/a:sun:java_system_application_server:8.22
cpe:/a:sun:java_system_application_server:8.2::platform_x861
cpe:/a:sun:java_system_application_server:8.2::enterprise2
cpe:/a:sun:java_system_application_server:8.2::sparc1
cpe:/a:sun:java_system_application_server:8.2::enterprise_linux1
cpe:/a:sun:java_system_application_server:8.2::windows1
cpe:/a:sun:java_system_application_server:8.2::enterprise_sparc1
cpe:/a:sun:java_system_application_server:8.2::x861
cpe:/a:sun:java_system_application_server:8.2::enterprise_windows1
cpe:/a:sun:java_system_application_server:8.2::enterprise_x861
cpe:/a:sun:java_system_application_server:8.2::linux1
cpe:/a:sun:java_system_application_server:8.2::platform2
cpe:/a:sun:java_system_application_server:8.1:ur11
cpe:/a:sun:java_system_application_server:8.1:ur1:platform4
cpe:/a:sun:java_system_application_server:8.12
cpe:/a:sun:java_system_application_server:8.1::enterprise6
cpe:/a:sun:java_system_application_server:8.1::linux1
cpe:/a:sun:java_system_application_server:8.1::platform4
cpe:/a:sun:java_system_application_server:8.1::sparc1
cpe:/a:sun:java_system_application_server:8.1::standard1
cpe:/a:sun:java_system_application_server:8.1::windows1
cpe:/a:sun:java_system_application_server:8.1::x861
cpe:/a:sun:java_system_application_server:7.12
cpe:/a:sun:java_system_application_server:7.0::standard6
cpe:/a:sun:java_system_application_server:7.0:ur6:platform2
cpe:/a:sun:java_system_application_server:7.0:ur1:enterprise3
cpe:/a:sun:java_system_application_server:7.0:ur6:standard2
cpe:/a:sun:java_system_application_server:7.0:ur1:standard4
cpe:/a:sun:java_system_application_server:7.0:ur2:enterprise3
cpe:/a:sun:java_system_application_server:7.0:ur2:platform2
cpe:/a:sun:java_system_application_server:7.0:ur2:standard4
cpe:/a:sun:java_system_application_server:7.0:ur3:enterprise1
cpe:/a:sun:java_system_application_server:7.0:ur3:standard1
cpe:/a:sun:java_system_application_server:7.08
cpe:/a:sun:java_system_application_server:7.0:ur45
cpe:/a:sun:java_system_application_server:7.0::enterprise3
cpe:/a:sun:java_system_application_server:7.0:ur5:platform3
cpe:/a:sun:java_system_application_server:7.0::platform6
cpe:/a:sun:java_system_application_server:7.0:ur5:standard3
cpe:/a:sun:java_system_application_server:6.0::platform1

Related : CVE

 DateAlertAccess VectorAccess ComplexityAuthentication
5 2012-10-16 CVE-2012-3155 Network Low None Requ...
10 2011-04-19 CVE-2011-0807 Network Low None Requ...
4.3 2010-01-25 CVE-2010-0386 Network Medium None Requ...
5 2009-01-26 CVE-2009-0278 Network Low None Requ...
4.3 2008-11-28 CVE-2008-5266 Network Medium None Requ...
Hide | Show 17 More...
 DateAlertAccess VectorAccess ComplexityAuthentication
4.3 2008-06-18 CVE-2008-2751 Network Medium None Requ...
5 2008-05-09 CVE-2008-2120 Network Low None Requ...
6.8 2007-10-01 CVE-2007-5153 Network Medium None Requ...
7.5 2007-10-01 CVE-2007-5152 Network Low None Requ...
5 2007-08-23 CVE-2007-4511 Network Low None Requ...
4.3 2007-07-26 CVE-2007-4025 Network Medium None Requ...
9.3 2007-07-11 CVE-2007-3715 Network Medium None Requ...
6.8 2006-12-04 CVE-2006-6276 Network Medium None Requ...
4 2006-07-28 CVE-2006-3921 Network Low Requires ...
2.6 2006-06-26 CVE-2006-3225 Network High None Requ...
6.8 2006-05-19 CVE-2006-2501 Network Medium None Requ...
5 2005-12-31 CVE-2005-4805 Network Low None Requ...
5 2005-12-31 CVE-2005-4804 Network Low None Requ...
4 2005-12-07 CVE-2005-4046 Network High None Requ...
4.3 2005-05-02 CVE-2005-0742 Network Medium None Requ...
5 2004-12-31 CVE-2004-2216 Network Low None Requ...
7.5 2004-12-31 CVE-2004-0826 Network Low None Requ...

CWE : Common Weakness Enumeration

%idName
25% (2)CWE-200Information Exposure
25% (2)CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')
12% (1)CWE-287Improper Authentication
12% (1)CWE-94Failure to Control Generation of Code ('Code Injection')
12% (1)CWE-20Improper Input Validation
Hide | Show 1 More...
%idName
12% (1)CWE-16Configuration

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-47Buffer Overflow via Parameter Expansion

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idDescription
71948Oracle Sun GlassFish Enterprise Server / Java System Application Server Craft...
51604Sun Java System Application Server Multiple Directory Web Application Configu...
46730GlassFish Application Server resourceNode/jdbcConnectionPoolNew1.jsf Multiple...
46729GlassFish Application Server applications/lifecycleModulesNew.jsf Multiple Pa...
46728GlassFish Application Server resourceNode/jdbcResourceNew.jsf Multiple Parame...
Hide | Show 20 More...
idDescription
46727GlassFish Application Server resourceNode/jmsConnectionNew.jsf Multiple Param...
46726GlassFish Application Server resourceNode/jmsDestinationNew.jsf Multiple Para...
46725GlassFish Application Server resourceNode/externalResourceNew.jsf Multiple Pa...
46724GlassFish Application Server resourceNode/customResourceNew.jsf Multiple Para...
46074GlassFish Administration Console for Sun Java System Application Server confi...
45828Sun Application Server Admin Console ORB Listener Services Weak Cipher Persis...
44948Sun Java System Web Server / Application Server Unspecified JSP Source Disclo...
37758Sun Java System Access Manager Container Restart Authentication Bypass
37757Sun Java System Access Manager Unspecified Remote Code Execution
37250Sun Java System (SJS) Application Server on Windows Unspecified JSP Source Di...
37248Sun Java System Web / Application Server Crafted XSLT Stylesheet Arbitrary Ja...
31727Sun Java System Server Products HTTP Request Smuggling
27587Sun Java System Application/Web Server Unspecified Arbitrary File Disclosure
26792Sun Java System Application Server Unspecified XSS
25634Sun ONE/Java System Web Server Error Page XSS
21461Sun Java Reverse SSL Proxy Plug-in MITM Weakness
19950Sun Java System Application Server Unspecified JSP Source Code Disclosure
19391Sun Java System Application Server JAR File Content Disclosure
15003Sun Java System Application Server Unspecified XSS
11408Sun Java System Application Server HTTP TRACE Response XSS

Metasploit Exploits

idDescription
2011-08-04Sun/Oracle GlassFish Server Authenticated Code Execution

OpenVAS Exploits

idDescription
2012-10-25Name : Oracle GlassFish/Java System Application Server CORBA ORB Subcomponent DoS Vu...
File : nvt/secpod_oracle_glassfish_n_sjas_corba_orb_comp_dos_vuln.nasl
2011-04-22Name : Oracle GlassFish/System Application Server Security Bypass Vulnerability
File : nvt/gb_oracle_glassfish_n_sjas_sec_bypass_vuln.nasl
2010-02-08Name : Sun Java System Application Server Cross Site Tracing Vulnerability
File : nvt/gb_sun_java_app_serv_xst_vuln.nasl
2009-02-06Name : Sun Java System Application Server Information Disclosure vulnerability
File : nvt/secpod_sun_java_app_serv_info_disc_vuln.nasl
2008-09-04Name : FreeBSD Ports: nss
File : nvt/freebsd_nss.nasl
Hide | Show 1 More...
idDescription
2005-11-03Name : NSS Library SSLv2 Challenge Overflow
File : nvt/sslv2_hello_overflow.nasl

Information Assurance Vulnerability Management (IAVM)

idDescription
2009-T-0009Sun Java System Application Server Information Disclosure Vulnerability
Severity : Category II - VMSKEY : V0018273
2008-B-0045Multiple Sun Java System Application Server and Web Server Vulnerabilities
Severity : Category II - VMSKEY : V0016025

Snort® IPS/IDS

DateDescription
2014-01-10SSLv2 Client_Hello Challenge Length overflow attempt
RuleID : 2656-community - Type : SERVER-WEBAPP - Revision : 21
2014-01-10SSLv2 Client_Hello Challenge Length overflow attempt
RuleID : 2656 - Type : SERVER-WEBAPP - Revision : 21
2014-01-10Oracle GlassFish Server successful authentication bypass attempt
RuleID : 20160 - Type : SERVER-WEBAPP - Revision : 8
2014-01-10Oracle GlassFish Server authentication bypass attempt
RuleID : 20159 - Type : SERVER-WEBAPP - Revision : 7
2014-01-10Oracle GlassFish Server default credentials login attempt
RuleID : 20158 - Type : SERVER-WEBAPP - Revision : 9
Hide | Show 2 More...
DateDescription
2014-01-10Oracle GlassFish Server war file upload attempt
RuleID : 20157 - Type : SERVER-ORACLE - Revision : 8
2014-01-10SSLv1 Client_Hello Challenge Length overflow attempt
RuleID : 15897 - Type : WEB-MISC - Revision : 4

Nessus® Vulnerability Scanner

idDescription
2013-07-18Name : The remote host has an application server installed that is affected by an in...
File : sun_java_app_server_info_disclosure.nasl - Type : ACT_GATHER_INFO
2011-08-17Name : The remote web server has an authentication bypass vulnerability that may per...
File : glassfish_get_auth_bypass.nasl - Type : ACT_ATTACK
2009-04-23Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_207f8ff3f69711d881b0000347a4fa7d.nasl - Type : ACT_GATHER_INFO
2007-10-18Name : The remote host is missing Sun Security Patch number 124672-20
File : solaris8_124672.nasl - Type : ACT_GATHER_INFO
2007-10-17Name : The remote host is missing Sun Security Patch number 124672-20
File : solaris10_124672.nasl - Type : ACT_GATHER_INFO
Hide | Show 18 More...
idDescription
2007-10-17Name : The remote host is missing Sun Security Patch number 124673-20
File : solaris10_x86_124673.nasl - Type : ACT_GATHER_INFO
2007-10-17Name : The remote host is missing Sun Security Patch number 124673-20
File : solaris9_x86_124673.nasl - Type : ACT_GATHER_INFO
2007-10-17Name : The remote host is missing Sun Security Patch number 124672-20
File : solaris9_124672.nasl - Type : ACT_GATHER_INFO
2007-10-12Name : The remote host is missing Sun Security Patch number 125437-22
File : solaris10_125437.nasl - Type : ACT_GATHER_INFO
2007-10-12Name : The remote host is missing Sun Security Patch number 125438-22
File : solaris10_x86_125438.nasl - Type : ACT_GATHER_INFO
2007-10-12Name : The remote host is missing Sun Security Patch number 125437-22
File : solaris8_125437.nasl - Type : ACT_GATHER_INFO
2007-10-12Name : The remote host is missing Sun Security Patch number 125438-22
File : solaris9_x86_125438.nasl - Type : ACT_GATHER_INFO
2007-10-12Name : The remote host is missing Sun Security Patch number 125437-22
File : solaris9_125437.nasl - Type : ACT_GATHER_INFO
2006-11-06Name : The remote host is missing Sun Security Patch number 119166-43
File : solaris8_119166.nasl - Type : ACT_GATHER_INFO
2006-11-06Name : The remote host is missing Sun Security Patch number 116648-25
File : solaris9_116648.nasl - Type : ACT_GATHER_INFO
2006-11-06Name : The remote host is missing Sun Security Patch number 119167-43
File : solaris9_x86_119167.nasl - Type : ACT_GATHER_INFO
2006-11-06Name : The remote host is missing Sun Security Patch number 116648-25
File : solaris10_116648.nasl - Type : ACT_GATHER_INFO
2006-11-06Name : The remote host is missing Sun Security Patch number 119166-43
File : solaris9_119166.nasl - Type : ACT_GATHER_INFO
2006-11-06Name : The remote host is missing Sun Security Patch number 119166-43
File : solaris10_119166.nasl - Type : ACT_GATHER_INFO
2006-11-06Name : The remote host is missing Sun Security Patch number 119167-43
File : solaris10_x86_119167.nasl - Type : ACT_GATHER_INFO
2006-11-06Name : The remote host is missing Sun Security Patch number 116648-25
File : solaris8_116648.nasl - Type : ACT_GATHER_INFO
2004-08-24Name : The remote service is susceptible to a buffer overflow attack.
File : sslv2_hello_overflow.nasl - Type : ACT_MIXED_ATTACK
2003-01-23Name : Debugging functions are enabled on the remote web server.
File : xst_http_trace.nasl - Type : ACT_GATHER_INFO