Total
32 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-2445 | 1 Sun | 1 Java System Web Server | 2011-08-28 | 5.0 MEDIUM | N/A |
Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI. | |||||
CVE-2010-0360 | 1 Sun | 1 Java System Web Server | 2011-04-27 | 10.0 HIGH | N/A |
Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273. | |||||
CVE-2010-0361 | 1 Sun | 1 Java System Web Server | 2011-04-27 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request. | |||||
CVE-2007-6569 | 1 Sun | 2 Java System Web Proxy Server, Java System Web Server | 2011-03-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246. | |||||
CVE-2007-1526 | 1 Sun | 1 Java System Web Server | 2011-03-07 | 6.0 MEDIUM | N/A |
Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors. | |||||
CVE-2005-1889 | 1 Sun | 1 Java System Web Server | 2011-03-07 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files. | |||||
CVE-2010-0389 | 1 Sun | 1 Java System Web Server | 2010-01-30 | 5.0 MEDIUM | N/A |
The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token. | |||||
CVE-2010-0273 | 1 Sun | 1 Java System Web Server | 2010-01-11 | 7.5 HIGH | N/A |
Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2009-2713 | 1 Sun | 2 Java System Access Manager, Java System Web Server | 2009-08-14 | 4.3 MEDIUM | N/A |
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2009-2712 | 1 Sun | 3 Java System Access Manager, Java System Web Server, Opensso Enterprise | 2009-08-14 | 2.1 LOW | N/A |
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files. | |||||
CVE-2000-0629 | 1 Sun | 1 Java System Web Server | 2008-09-10 | 7.5 HIGH | N/A |
The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet. | |||||
CVE-2005-1150 | 1 Sun | 1 Java System Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang). |