Vulnerabilites related to Sun Microsystems, Inc. - Sun Java System Web Server
jvndb-2007-000823
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Cross-site scripting in Sun Java System Web Server and Sun Java System Web Proxy Server
Details
Sun Java System Web Server and Sun Java System Web Proxy Server are vulnerable to cross-site scripting. Sun Java System Web Server and Sun Java System Web Proxy Server, which are both web servers, provide a function for a user to view access logs and other records in a web browser. This function is vulnerable to cross-site scripting.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000823.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Sun Java System Web Server and Sun Java System Web Proxy Server are vulnerable to cross-site scripting.\r\n\r\nSun Java System Web Server and Sun Java System Web Proxy Server, which are both web servers, provide a function for a user to view access logs and other records in a web browser. This function is vulnerable to cross-site scripting.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000823.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sun:java_system_web_proxy_server",
      "@product": "Sun Java System Web Proxy Server",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sun:java_system_web_server",
      "@product": "Sun Java System Web Server",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000823",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN89292430/index.html",
      "@id": "JVN#89292430",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6569",
      "@id": "CVE-2007-6569",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6569",
      "@id": "CVE-2007-6569",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/28216/",
      "@id": "SA28216",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://secunia.com/advisories/28186",
      "@id": "SA28186",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/26978",
      "@id": "26978",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/4313",
      "@id": "FrSIRT/ADV-2007-4313",
      "@source": "FRSIRT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cross-site scripting in Sun Java System Web Server and Sun Java System Web Proxy Server"
}

jvndb-2006-000293
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Sun Java System Web Server cross-site scripting vulnerability
Details
Sun Java System Web Server (originally called Sun ONE Web Server) contains a cross-site scripting vulnerability. A vulnerable web server does not adequately validate the HTTP REFERER header before using the contents in the default error page.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000293.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Sun Java System Web Server (originally called Sun ONE Web Server) contains a cross-site scripting vulnerability. A vulnerable web server does not adequately validate the HTTP REFERER header before using the contents in the default error page.",
  "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000293.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sun:java_system_application_server",
      "@product": "Sun Java System Application Server",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sun:java_system_web_server",
      "@product": "Sun Java System Web Server",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sun:one_application_server",
      "@product": "Sun ONE Application Server",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2006-000293",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN03D5EAA8/index.html",
      "@id": "JVN#03D5EAA8",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2501",
      "@id": "CVE-2006-2501",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2501",
      "@id": "CVE-2006-2501",
      "@source": "NVD"
    },
    {
      "#text": "http://www.kb.cert.org/vuls/id/114956",
      "@id": "VU#114956",
      "@source": "CERT-VN"
    },
    {
      "#text": "http://www.securityfocus.com/bid/18035",
      "@id": "18035",
      "@source": "BID"
    }
  ],
  "title": "Sun Java System Web Server cross-site scripting vulnerability"
}