CVSS: 6.1EPSS: 0%CPEs: 66EXPL: 0CVE-2009-1934
https://notcve.org/view.php?id=CVE-2009-1934
05 Jun 2009 — Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Reverse Proxy Plug-in en Sun Java System Web Server v6.1 anterior a SP11, permite a atacantes remotos la inyección de código web y HTML de su elección a través de una consulta de c... • http://osvdb.org/54872 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 47EXPL: 1CVE-2004-2763
https://notcve.org/view.php?id=CVE-2004-2763
01 Jun 2009 — The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. La configuración por defecto de Sun ONE/iPlanet Web Server v4.1 SP! al SP2 y v6.0 SP1 al SP5 responde a las peticiones HTTP TRACE, lo que puede permitir a atacantes remotos el robo de información usando ataques de seguimi... • http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html • CWE-16: Configuration •
CVSS: 6.8EPSS: 1%CPEs: 8EXPL: 0CVE-2006-6276
https://notcve.org/view.php?id=CVE-2006-6276
04 Dec 2006 — HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors. Vulnerabilidad de contrabando de petición HTTP en Sun Java System Proxy Server anterior al 30/11/2006, cuando se usa con Sun Java System Application Server o Sun Java System We... • http://secunia.com/advisories/23186 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.8EPSS: 6%CPEs: 20EXPL: 0CVE-2006-2501
https://notcve.org/view.php?id=CVE-2006-2501
20 May 2006 — Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages. • http://jvn.jp/jp/JVN%2303D5EAA8/index.html •
CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 0CVE-2005-2094
https://notcve.org/view.php?id=CVE-2005-2094
30 Jun 2005 — Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." • http://seclists.org/lists/bugtraq/2005/Jun/0025.html •
CVSS: 9.8EPSS: 3%CPEs: 93EXPL: 0CVE-2004-0826
https://notcve.org/view.php?id=CVE-2004-0826
02 Sep 2004 — Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message. • http://marc.info/?l=bugtraq&m=109351293827731&w=2 •