CVE-2009-2445
https://notcve.org/view.php?id=CVE-2009-2445
Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI. iPlanet Web Server de Oracle (anteriormente Sun Java System Web Server o Sun ONE Web Server) versión 6.1 anterior a SP12, y versión 7.0 hasta Update 6, cuando se ejecutan en Windows, permite a los atacantes remotos leer archivos JSP arbitrarios por medio de una sintaxis de flujo de datos alternativa, como es demostrado por un URI .jsp::$DATA. • http://isowarez.de/SunOne_Webserver.txt http://jvn.jp/en/jp/JVN47124169/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2009-002069 http://secunia.com/advisories/35701 http://securitytracker.com/id?1022511 http://sunsolve.sun.com/search/document.do?assetkey=1-26-266429-1 http://www.osvdb.org/55655 http://www.vupen.com/english/advisories/2009/1786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-1934
https://notcve.org/view.php?id=CVE-2009-1934
Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Reverse Proxy Plug-in en Sun Java System Web Server v6.1 anterior a SP11, permite a atacantes remotos la inyección de código web y HTML de su elección a través de una consulta de cadena en situaciones resultantes de un error "502 Gateway". • http://osvdb.org/54872 http://secunia.com/advisories/35338 http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1 http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm http://www.securityfocus.com/bid/35204 http://www.securitytracker.com/id?1022334 http://www.vupen.com/english/advisories/2009/1500 https://exchange.xforce.ibmcloud.com/vulnerabilities/50951 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-2518
https://notcve.org/view.php?id=CVE-2008-2518
Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el mecanismo de búsqueda avanzada (webapps/search/advanced.jsp) de Sun Java System Web Server 6.1 versiones anteriores a SP9 y 7.0 versiones anteriores a Update 3 permite a atacantes remotos inyectar web script o HTML a través de vectores no especificados, probablemente relacionados al parámetro next. • http://secunia.com/advisories/30381 http://sunsolve.sun.com/search/document.do?assetkey=1-26-236481-1 http://www.securityfocus.com/bid/29355 http://www.securitytracker.com/id?1020110 http://www.vupen.com/english/advisories/2008/1649/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42624 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-2166
https://notcve.org/view.php?id=CVE-2008-2166
Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el Módulo de búsqueda de Sun Java System Web Server 6.1 anterior a SP9 y 7.0 previo a la Update 2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de parámetros desconocidos en index.jsp. • http://secunia.com/advisories/30133 http://sunsolve.sun.com/search/document.do?assetkey=1-26-231467-1 http://www.securityfocus.com/bid/29087 http://www.securitytracker.com/id?1019987 http://www.vupen.com/english/advisories/2008/1455/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42263 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-2120
https://notcve.org/view.php?id=CVE-2008-2120
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors. Vulnerabilidad no especificada en Java System Application Server versión 7 2004Q2 anterior a Update 6, Web Server versión 6.1 anterior a SP8 y and Web Server versión 7.0 anterior a Update 1 permite a atacantes remotos obtener el código fuente de los ficheros JSP mediante vectores no conocidos. • http://secunia.com/advisories/30122 http://sunsolve.sun.com/search/document.do?assetkey=1-26-201255-1 http://www.securityfocus.com/bid/29088 http://www.securitytracker.com/id?1019985 http://www.securitytracker.com/id?1019986 http://www.vupen.com/english/advisories/2008/1457/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42266 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •