CyberSec.Space Logo
Back to CVE Browser

CVE-2006-6276

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.0850%
EPSS Percentile42.63th
PublishedDec 4, 2006
Last ModifiedApr 23, 2026

Vulnerability Description

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.

Affected Platforms (CPE)

πŸ“¦
Sun

Java System Application Server

= 7.0
πŸ“¦
Sun

Java System Application Server

= 8.1
πŸ“¦
Sun

Java System Web Proxy Server

All versions
πŸ“¦
Sun

Java System Web Proxy Server

= 3.6
πŸ“¦
Sun

Java System Web Proxy Server

= 4.0
πŸ“¦
Sun

Java System Web Server

= 6.0
πŸ“¦
Sun

Java System Web Server

= 6.1
πŸ“¦
Sun

One Application Server

= 7.0

References & Advisories

πŸ”— http://secunia.com/advisories/23186
πŸ”— http://securitytracker.com/id?1017322
πŸ”— http://securitytracker.com/id?1017323
πŸ”— http://securitytracker.com/id?1017324
πŸ”— http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1
πŸ”— http://www.securityfocus.com/bid/21371
πŸ”— http://www.vupen.com/english/advisories/2006/4793
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/30662

Related Vulnerabilities

CVE-2011-080710.0

Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server ...

CVE-2021-271989.8

An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbit...

CVE-2019-03459.8

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overv...

CVE-2007-37159.3

Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT...