This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 2005-06-07
Product Java System Web Server Last view 2009-06-05
Version 6.1 Type Application
Update sp6  
Edition x86  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:sun:java_system_web_server

Activity : Overall

Related : CVE

  Date Alert Description
4.3 2009-06-05 CVE-2009-1934

Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.

5 2008-05-09 CVE-2008-2120

Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors.

6.8 2006-05-19 CVE-2006-2501

Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.

5 2005-06-07 CVE-2005-1889

Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-200 Information Exposure
50% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id Description
54872 Sun Java System Web Server Reverse Proxy Plug-in Unspecified XSS
44948 Sun Java System Web Server / Application Server Unspecified JSP Source Disclo...
25634 Sun ONE/Java System Web Server Error Page XSS
17146 Sun ONE Application Server Unspecified File Disclosure

OpenVAS Exploits

id Description
2009-06-19 Name : Sun Java System Web Proxy Server Vulnerabilities (Win)
File : nvt/gb_sun_java_sys_web_serv_xss_vuln_lin.nasl
2009-06-19 Name : Sun Java System Web Proxy Server Vulnerabilities (Win)
File : nvt/gb_sun_java_sys_web_serv_xss_vuln_win.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2008-B-0045 Multiple Sun Java System Application Server and Web Server Vulnerabilities
Severity: Category II - VMSKEY: V0016025

Nessus® Vulnerability Scanner

id Description
2006-11-06 Name: The remote host is missing Sun Security Patch number 116648-25
File: solaris10_116648.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 116648-25
File: solaris8_116648.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 116648-25
File: solaris9_116648.nasl - Type: ACT_GATHER_INFO