CVEブラウザに戻る

CVE-2006-6276

MEDIUM

6.8

CVSS Severity Score

EPSS Score0.0850%

EPSS Percentile42.63th

Published2006年12月4日

Last Modified2026年4月23日

Vulnerability Description

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.

Affected Platforms (CPE)

📦

Sun

Java System Application Server

= 7.0

📦

Sun

Java System Application Server

= 8.1

📦

Sun

Java System Web Proxy Server

All versions

📦

Sun

Java System Web Proxy Server

= 3.6

📦

Sun

Java System Web Proxy Server

= 4.0

📦

Sun

Java System Web Server

= 6.0

📦

Sun

Java System Web Server

= 6.1

📦

Sun

One Application Server

= 7.0

References & Advisories

🔗 http://secunia.com/advisories/23186

🔗 http://securitytracker.com/id?1017322

🔗 http://securitytracker.com/id?1017323

🔗 http://securitytracker.com/id?1017324

🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1

🔗 http://www.securityfocus.com/bid/21371

🔗 http://www.vupen.com/english/advisories/2006/4793

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/30662

関連する脆弱性情報

CVE-2011-080710.0

Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server ...

CVE-2021-271989.8

An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbit...

CVE-2019-03459.8

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overv...

CVE-2007-37159.3

Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT...