
CVSS: 7.5 • EPSS: 0% • CPEs: 20 • EXPL: 0

25 Feb 2010 — Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors. • http://sunsolve.sun.com/search/document.do?assetkey=1-66-201454-1

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

25 Feb 2010 — Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors. • http://sunsolve.sun.com/search/document.do?assetkey=1-66-201451-1

CVSS: 6.1 • EPSS: 0% • CPEs: 19 • EXPL: 1

05 Feb 2010 — Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316. • http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 19 • EXPL: 1

05 Feb 2010 — Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue. • http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

05 Feb 2010 — Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue. • http://www.securityfocus.com/archive/1/313867 • CWE-189: Numeric Errors

CVSS: 6.1 • EPSS: 0% • CPEs: 66 • EXPL: 0

05 Jun 2009 — Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error. • http://osvdb.org/54872 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 47 • EXPL: 1

01 Jun 2009 — The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. • http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html • CWE-16: Configuration

CVSS: 6.8 • EPSS: 1% • CPEs: 8 • EXPL: 0

04 Dec 2006 — HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors. • http://secunia.com/advisories/23186 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSS: 6.5 • EPSS: 1% • CPEs: 2 • EXPL: 0

03 Nov 2006 — Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127. • http://secunia.com/advisories/22646

CVSS: 6.8 • EPSS: 6% • CPEs: 20 • EXPL: 0

20 May 2006 — Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages. • http://jvn.jp/jp/JVN%2303D5EAA8/index.html