PT-2006-3448 · Sun · Sun Java System Application Server+3
Published: 2006-05-20 · Updated: 2017-07-20 · CVE-2006-2501
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Sun ONE Web Server versions 6.0 SP9 and earlier
Java System Web Server versions 6.1 SP4 and earlier
Sun ONE Application Server versions 7 Platform and Standard Edition Update 6 and earlier
Java System Application Server versions 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.
Recommendations
For Sun ONE Web Server versions 6.0 SP9 and earlier, update to a version later than 6.0 SP9.
For Java System Web Server versions 6.1 SP4 and earlier, update to a version later than 6.1 SP4.
For Sun ONE Application Server versions 7 Platform and Standard Edition Update 6 and earlier, update to a version later than Update 6.
For Java System Application Server versions 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, update to a version later than Update 2.
Affected Products
Sun Java System Application Server
Sun Java System Web Server
Sun ONE Application Server
Sun ONE Web Server