This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 2005-06-07
Product Java System Web Server Last view 2009-07-13
Version 6.1 Type Application
Update sp8  
Edition windows  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:sun:java_system_web_server

Activity : Overall

Related : CVE

  Date Alert Description
5 2009-07-13 CVE-2009-2445

Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.

4.3 2009-06-05 CVE-2009-1934

Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.

5 2008-05-09 CVE-2008-2120

Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors.

6.8 2006-05-19 CVE-2006-2501

Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.

5 2005-06-07 CVE-2005-1889

Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files.

CWE : Common Weakness Enumeration

%idName
66% (2) CWE-200 Information Exposure
33% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id Description
55655 Sun Java System Web Server ::$DATA Extension Request JSP Resource Disclosure
54872 Sun Java System Web Server Reverse Proxy Plug-in Unspecified XSS
44948 Sun Java System Web Server / Application Server Unspecified JSP Source Disclo...
25634 Sun ONE/Java System Web Server Error Page XSS
17146 Sun ONE Application Server Unspecified File Disclosure

OpenVAS Exploits

id Description
2009-07-22 Name : Sun Java System Web Server '.jsp' Information Disclosure Vulnerability (Win)
File : nvt/gb_sun_java_sys_web_serv_info_disc_vuln.nasl
2009-06-19 Name : Sun Java System Web Proxy Server Vulnerabilities (Win)
File : nvt/gb_sun_java_sys_web_serv_xss_vuln_lin.nasl
2009-06-19 Name : Sun Java System Web Proxy Server Vulnerabilities (Win)
File : nvt/gb_sun_java_sys_web_serv_xss_vuln_win.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2008-B-0045 Multiple Sun Java System Application Server and Web Server Vulnerabilities
Severity: Category II - VMSKEY: V0016025

Snort® IPS/IDS

Date Description
2014-01-10 Oracle ONE Web Server JSP source code disclosure attempt
RuleID : 16682 - Type : SERVER-WEBAPP - Revision : 9

Nessus® Vulnerability Scanner

id Description
2009-07-07 Name: The remote web server is affected by a source code disclosure vulnerability.
File: sun_web_svr_jsp_src_disclosure.nasl - Type: ACT_ATTACK
2006-11-06 Name: The remote host is missing Sun Security Patch number 116648-25
File: solaris10_116648.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 116648-25
File: solaris8_116648.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 116648-25
File: solaris9_116648.nasl - Type: ACT_GATHER_INFO