CVE-2006-2501

Published May 20, 2006

Last updated 7 hours ago

CVSS info 6.8

Overview

Description: Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: -
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:*:ur2:enterprise:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3CBDF1B-C506-4A89-B597-AFEA98FBDBC9",
            "versionEndIncluding": "7.0"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_application_server:*:ur2:standard:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA47D452-353D-4108-9350-1A0EC1D2B728",
            "versionEndIncluding": "7.0"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:*:sp4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E24F3990-8090-49AA-B490-B57DF2756791",
            "versionEndIncluding": "6.1"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871"
          },
          {
            "criteria": "cpe:2.3:a:sun:one_application_server:*:update_6:platform:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "948567FB-7B09-42BF-ACFA-A2E04E7BD276",
            "versionEndIncluding": "7.0"
          },
          {
            "criteria": "cpe:2.3:a:sun:one_application_server:*:update_6:standard:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A5885D7-8FC7-4BF7-BE07-06CE1C743454",
            "versionEndIncluding": "7.0"
          },
          {
            "criteria": "cpe:2.3:a:sun:one_application_server:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "352D9910-BC83-44B2-B5C0-59B8F2C23142"
          },
          {
            "criteria": "cpe:2.3:a:sun:one_application_server:6.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F316ECED-A6E3-43AC-BA05-C42F2CB0D830"
          },
          {
            "criteria": "cpe:2.3:a:sun:one_application_server:6.0:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA32646E-1014-47D1-9C96-6CD8F0B13480"
          },
          {
            "criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:platform:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F6B3BC6-9A4B-40E7-A540-9BCFC3D02E66"
          },
          {
            "criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:standard:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9760BDBA-E5FD-4AFF-ACB8-4C8B55CC3A61"
          },
          {
            "criteria": "cpe:2.3:a:sun:one_web_server:*:sp9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDAF373D-CB7C-4410-8187-167B79480AA4",
            "versionEndIncluding": "6.0"
          },
          {
            "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38698A3B-9597-4BC9-B112-BB908C3DE86B"
          },
          {
            "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78587B6D-2A95-4714-9632-4F75CD552E7A"
          },
          {
            "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "279FE555-E290-4B17-855D-781C9B58ED55"
          },
          {
            "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26A8BE1A-082B-4CB5-97D0-7964FBC93572"
          },
          {
            "criteria": "cpe:2.3:a:sun:one_web_server:6.0:sp8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3609AA35-6B6A-47A1-B1D4-011B735E0671"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References