This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 2005-11-02
Product Java System Communications Express Last view 2011-01-19
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:sun:java_system_communications_express:*:*:*:*:*:*:*:* 2
cpe:2.3:a:sun:java_system_communications_express:6.3:*:*:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_communications_express:6.2:*:*:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_communications_express:6.2:*:x86:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_communications_express:6.3:*:x86:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_communications_express:6.2:*:linux:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_communications_express:6.3:*:linux:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_communications_express:6.3:*:sparc:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_communications_express:6.2:*:sparc:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_communications_express:2004q2:*:*:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_communications_express:2005q1:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
4.3 2011-01-19 CVE-2010-4456

Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail.

4.3 2010-04-01 CVE-2010-1227

Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc.

4.3 2009-05-21 CVE-2009-1729

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.

4.3 2009-03-12 CVE-2009-0877

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field.

5 2005-11-02 CVE-2005-3472

Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.

CWE : Common Weakness Enumeration

%idName
100% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id Description
70586 Sun Java System Communications Express Web Mail Unspecified Remote Issue
63520 Sun Java System Communications Express Message Subject Field XSS
54610 Sun Java System Communications Express uwc/abs/search.xml abperson_displayNam...
54609 Sun Java System Communications Express uwc/base/UWCMain URL Parameter XSS
52718 Sun Java System Communications Express Multiple Field XSS
20448 Sun Java System Communications Express Remote Configuration File Disclosure

Nessus® Vulnerability Scanner

id Description
2007-04-19 Name: The remote host is missing Sun Security Patch number 122793-36
File: solaris10_122793.nasl - Type: ACT_GATHER_INFO
2007-04-19 Name: The remote host is missing Sun Security Patch number 122794-36
File: solaris10_x86_122794.nasl - Type: ACT_GATHER_INFO
2007-04-19 Name: The remote host is missing Sun Security Patch number 122793-36
File: solaris9_122793.nasl - Type: ACT_GATHER_INFO
2007-04-19 Name: The remote host is missing Sun Security Patch number 122794-36
File: solaris9_x86_122794.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 118540-42
File: solaris10_118540.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 118541-42
File: solaris10_x86_118541.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 118540-42
File: solaris8_118540.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 118540-42
File: solaris9_118540.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 118541-42
File: solaris9_x86_118541.nasl - Type: ACT_GATHER_INFO