PT-2006-6905 · Sun · Sun Java System Web Proxy Server
Published: 2006-12-04 · Updated: 2024-02-09
CVE-2006-6276
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Sun Java System Proxy Server versions prior to 20061130
Description
The issue allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches. This is achieved via unspecified attack vectors when the Sun Java System Proxy Server is used with Sun Java System Application Server or Sun Java System Web Server.
Recommendations
For Sun Java System Proxy Server versions prior to 20061130, update to a version released after 20061130 to resolve the issue. As a temporary workaround, consider restricting access to sensitive web applications and implementing additional security measures to minimize the risk of web session hijacking and cross-site scripting (XSS) attacks.
Fix
HTTP Request/Response Smuggling
Weakness Enumeration
Related Identifiers
Affected Products
Sun Java System Application Server
Sun Java System Web Proxy Server
Sun Java System Web Server