cvelistv5 - cve-2006-6276

CVE-2006-6276 (GCVE-0-2006-6276)

Vulnerability from cvelistv5

Published

2006-12-04 11:00

Modified

2024-08-07 20:19

Severity ?

CWE

Summary

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.

References

►

URL

Tags

cve@mitre.org	http://secunia.com/advisories/23186	Broken Link
cve@mitre.org	http://securitytracker.com/id?1017322	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://securitytracker.com/id?1017323	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://securitytracker.com/id?1017324	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1	Broken Link, Patch
cve@mitre.org	http://www.securityfocus.com/bid/21371	Broken Link, Patch, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4793	Broken Link
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30662	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23186	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017322	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017323	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017324	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1	Broken Link, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21371	Broken Link, Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4793	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30662	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:19:35.091Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102733",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"
          },
          {
            "name": "23186",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23186"
          },
          {
            "name": "1017324",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017324"
          },
          {
            "name": "sunserver-proxy-csrf(30662)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"
          },
          {
            "name": "ADV-2006-4793",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4793"
          },
          {
            "name": "21371",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21371"
          },
          {
            "name": "1017323",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017323"
          },
          {
            "name": "1017322",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017322"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "102733",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"
        },
        {
          "name": "23186",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23186"
        },
        {
          "name": "1017324",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017324"
        },
        {
          "name": "sunserver-proxy-csrf(30662)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"
        },
        {
          "name": "ADV-2006-4793",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4793"
        },
        {
          "name": "21371",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21371"
        },
        {
          "name": "1017323",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017323"
        },
        {
          "name": "1017322",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017322"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-6276",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102733",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"
            },
            {
              "name": "23186",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23186"
            },
            {
              "name": "1017324",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017324"
            },
            {
              "name": "sunserver-proxy-csrf(30662)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"
            },
            {
              "name": "ADV-2006-4793",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4793"
            },
            {
              "name": "21371",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21371"
            },
            {
              "name": "1017323",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017323"
            },
            {
              "name": "1017322",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017322"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-6276",
    "datePublished": "2006-12-04T11:00:00",
    "dateReserved": "2006-12-03T00:00:00",
    "dateUpdated": "2024-08-07T20:19:35.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-6276\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-12-04T11:28:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de contrabando de petici\u00f3n HTTP en Sun Java System Proxy Server anterior al 30/11/2006, cuando se usa con Sun Java System Application Server o Sun Java System Web Server, permite a atacantes remotos evitar el filtrado de petici\u00f3n HTTP, secuestrar sesiones web, realizar ataques de secuencias de comandos en sitios cruzados (XSS), y falsear la cach\u00e9 web mediante vectores de ataque no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAB26B3D-4DF0-45C2-9ECA-202C829392D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:java_system_application_server:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"721D0068-2664-4E92-9D96-9007F2120450\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:java_system_web_proxy_server:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9134A420-1A6E-48C0-A6CE-5AE555FC0D94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D36EE342-0A55-4F2E-9037-14C0975CEA9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB8D89B7-2C74-4CDC-8708-D9FACC4DE7C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E592549-5C28-4F0A-B407-06A33B3CFFF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"044D96F6-7A18-4295-A665-16F1A6630963\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:one_application_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56BB3993-C089-421F-987E-D6294E8C909E\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/23186\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securitytracker.com/id?1017322\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://securitytracker.com/id?1017323\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://securitytracker.com/id?1017324\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/21371\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/4793\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/30662\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://secunia.com/advisories/23186\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securitytracker.com/id?1017322\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://securitytracker.com/id?1017323\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://securitytracker.com/id?1017324\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/21371\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/4793\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/30662\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

ghsa-vphg-jwvg-jv3g

Vulnerability from github

Published

2022-05-01 07:36

Modified

2022-05-01 07:36

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-6276"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-12-04T11:28:00Z",
    "severity": "MODERATE"
  },
  "details": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.",
  "id": "GHSA-vphg-jwvg-jv3g",
  "modified": "2022-05-01T07:36:25Z",
  "published": "2022-05-01T07:36:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-6276"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23186"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017322"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017323"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017324"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/21371"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4793"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2006-6276

Vulnerability from fkie_nvd

Published

2006-12-04 11:28

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/23186	Broken Link
cve@mitre.org	http://securitytracker.com/id?1017322	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://securitytracker.com/id?1017323	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://securitytracker.com/id?1017324	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1	Broken Link, Patch
cve@mitre.org	http://www.securityfocus.com/bid/21371	Broken Link, Patch, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4793	Broken Link
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30662	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23186	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017322	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017323	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017324	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1	Broken Link, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21371	Broken Link, Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4793	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30662	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
sun	java_system_application_server	7.0
sun	java_system_application_server	8.1
sun	java_system_web_proxy_server	-
sun	java_system_web_proxy_server	3.6
sun	java_system_web_proxy_server	4.0
sun	java_system_web_server	6.0
sun	java_system_web_server	6.1
sun	one_application_server	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB26B3D-4DF0-45C2-9ECA-202C829392D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "721D0068-2664-4E92-9D96-9007F2120450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9134A420-1A6E-48C0-A6CE-5AE555FC0D94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D36EE342-0A55-4F2E-9037-14C0975CEA9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB8D89B7-2C74-4CDC-8708-D9FACC4DE7C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BB3993-C089-421F-987E-D6294E8C909E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de contrabando de petici\u00f3n HTTP en Sun Java System Proxy Server anterior al 30/11/2006, cuando se usa con Sun Java System Application Server o Sun Java System Web Server, permite a atacantes remotos evitar el filtrado de petici\u00f3n HTTP, secuestrar sesiones web, realizar ataques de secuencias de comandos en sitios cruzados (XSS), y falsear la cach\u00e9 web mediante vectores de ataque no especificados."
    }
  ],
  "id": "CVE-2006-6276",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-12-04T11:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/23186"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017322"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017323"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017324"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/21371"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4793"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/23186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/21371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2006-6276

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-6276

Aliases

CVE-2006-6276

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-6276",
    "description": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.",
    "id": "GSD-2006-6276"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-6276"
      ],
      "details": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.",
      "id": "GSD-2006-6276",
      "modified": "2023-12-13T01:19:54.472970Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-6276",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "102733",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"
          },
          {
            "name": "23186",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23186"
          },
          {
            "name": "1017324",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017324"
          },
          {
            "name": "sunserver-proxy-csrf(30662)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"
          },
          {
            "name": "ADV-2006-4793",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/4793"
          },
          {
            "name": "21371",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/21371"
          },
          {
            "name": "1017323",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017323"
          },
          {
            "name": "1017322",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017322"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EAB26B3D-4DF0-45C2-9ECA-202C829392D4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "721D0068-2664-4E92-9D96-9007F2120450",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9134A420-1A6E-48C0-A6CE-5AE555FC0D94",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D36EE342-0A55-4F2E-9037-14C0975CEA9E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FB8D89B7-2C74-4CDC-8708-D9FACC4DE7C3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "56BB3993-C089-421F-987E-D6294E8C909E",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors."
          },
          {
            "lang": "es",
            "value": "Vulnerabilidad de contrabando de petici\u00f3n HTTP en Sun Java System Proxy Server anterior al 30/11/2006, cuando se usa con Sun Java System Application Server o Sun Java System Web Server, permite a atacantes remotos evitar el filtrado de petici\u00f3n HTTP, secuestrar sesiones web, realizar ataques de secuencias de comandos en sitios cruzados (XSS), y falsear la cach\u00e9 web mediante vectores de ataque no especificados."
          }
        ],
        "id": "CVE-2006-6276",
        "lastModified": "2024-02-09T02:34:42.803",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 8.6,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ]
        },
        "published": "2006-12-04T11:28:00.000",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://secunia.com/advisories/23186"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://securitytracker.com/id?1017322"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://securitytracker.com/id?1017323"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://securitytracker.com/id?1017324"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Patch"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Patch",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/21371"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4793"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-444"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-6276 (GCVE-0-2006-6276)

Vulnerability from cvelistv5

ghsa-vphg-jwvg-jv3g

Vulnerability from github

fkie_cve-2006-6276

Vulnerability from fkie_nvd

gsd-2006-6276

Vulnerability from gsd

Tags

Sightings

Nomenclature