CVE-2006-3225

Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102479-1
http://www.securityfocus.com/bid/18635
http://securitytracker.com/id?1016378
http://secunia.com/advisories/20835
http://www.vupen.com/english/advisories/2006/2508
https://exchange.xforce.ibmcloud.com/vulnerabilities/27392

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sun:one_application_server::update_8::::::*
	cpe:2.3:a:sun:java_system_application_server:8.1::enterprise:::::
	cpe:2.3:a:sun:java_system_application_server::ur4::::::*

Information

Published : 2006-06-26 09:05

Updated : 2017-07-19 18:32

NVD link : CVE-2006-3225

Mitre link : CVE-2006-3225

JSON object : View

CWE

NVD-CWE-Other

Products Affected

sun

java_system_application_server
one_application_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102479-1", "name": "102479", "tags": [], "refsource": "SUNALERT"}, {"url": "http://www.securityfocus.com/bid/18635", "name": "18635", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1016378", "name": "1016378", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/20835", "name": "20835", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2006/2508", "name": "ADV-2006-2508", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27392", "name": "sun-java-parameters-xss(27392)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3225", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-06-26T16:05Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sun:one_application_server:*:update_8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.0"}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_application_server:*:ur4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:32Z"}

2.6 /10