5 results (0.012 seconds)

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors. Vulnerabilidad no especificada en Java System Application Server versión 7 2004Q2 anterior a Update 6, Web Server versión 6.1 anterior a SP8 y and Web Server versión 7.0 anterior a Update 1 permite a atacantes remotos obtener el código fuente de los ficheros JSP mediante vectores no conocidos. • http://secunia.com/advisories/30122 http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1 http://www.securityfocus.com/bid/29088 http://www.securitytracker.com/id?1019985 http://www.securitytracker.com/id?1019986 http://www.vupen.com/english/advisories/2008/1457/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42266 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 1%CPEs: 20EXPL: 0

Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages. • http://jvn.jp/jp/JVN%2303D5EAA8/index.html http://secunia.com/advisories/20147 http://securitytracker.com/id?1016125 http://securitytracker.com/id?1016126 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1 http://www.kb.cert.org/vuls/id/114956 http://www.securityfocus.com/bid/18035 http://www.vupen.com/english/advisories/2006/1866 https://exchange.xforce.ibmcloud.com/vulnerabilities/26550 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-101690-1 http://www.vupen.com/english/advisories/2005/0695 •

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1

The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag. • http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/197&type=0&nav=sec.sba http://www.securityfocus.com/bid/1600 http://www.securityfocus.com/templates/advisory.html?id=2542 https://exchange.xforce.ibmcloud.com/vulnerabilities/5135 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet. • http://archives.neohapsis.com/archives/bugtraq/2000-07/0163.html http://www.securityfocus.com/bid/1459 http://www.sun.com/software/jwebserver/faq/jwsca-2000-02.html •