Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Sun Subscribe
Filtered by product Java System Web Server
Total 32 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-2445 1 Sun 1 Java System Web Server 2011-08-28 5.0 MEDIUM N/A
Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.
CVE-2010-0360 1 Sun 1 Java System Web Server 2011-04-27 10.0 HIGH N/A
Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.
CVE-2010-0361 1 Sun 1 Java System Web Server 2011-04-27 10.0 HIGH N/A
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.
CVE-2007-6569 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2011-03-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.
CVE-2007-1526 1 Sun 1 Java System Web Server 2011-03-07 6.0 MEDIUM N/A
Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors.
CVE-2005-1889 1 Sun 1 Java System Web Server 2011-03-07 5.0 MEDIUM N/A
Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files.
CVE-2010-0389 1 Sun 1 Java System Web Server 2010-01-30 5.0 MEDIUM N/A
The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token.
CVE-2010-0273 1 Sun 1 Java System Web Server 2010-01-11 7.5 HIGH N/A
Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2009-2713 1 Sun 2 Java System Access Manager, Java System Web Server 2009-08-14 4.3 MEDIUM N/A
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2009-2712 1 Sun 3 Java System Access Manager, Java System Web Server, Opensso Enterprise 2009-08-14 2.1 LOW N/A
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.
CVE-2000-0629 1 Sun 1 Java System Web Server 2008-09-10 7.5 HIGH N/A
The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.
CVE-2005-1150 1 Sun 1 Java System Web Server 2008-09-05 5.0 MEDIUM N/A
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang).