CVE Vulnerability

CVE-2007-6570

Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view
http://docs.sun.com/source/820-3637-10/relnotes36sp11_unix.html#wp19247
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1
http://www.securityfocus.com/bid/26978 Patch
http://secunia.com/advisories/28186 Patch Vendor Advisory
http://secunia.com/advisories/28216
http://osvdb.org/40851
http://www.vupen.com/english/advisories/2007/4313
https://exchange.xforce.ibmcloud.com/vulnerabilities/43976
Configurations

Configuration 1

cpe:2.3:a:sun:java_system_web_server:6.0:sp9:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp1:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.1:sp6:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:4.0:sp1:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp6:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.0:sp10:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp9:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp2:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.0:sp4:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.0:sp6:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp5:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp8:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.0:sp7:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp7:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp4:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp3:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.0:sp8:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.0:sp3:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.0:sp5:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp10:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_server:6.1:sp7:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:*:*:*:*:*:*:*
Information

Published : 2007-12-28 09:46

Updated : 2017-08-08 01:29

NVD link : CVE-2007-6570

Mitre link : CVE-2007-6570

Products Affected
No products.
CWE
CWE-79