Lucene search

MitreCVE-2009-1934

HistoryJun 05, 2009 - 4:00 p.m.

CVE-2009-1934

2009-06-0516:00:00

CWE-79

mitre

web.nvd.nist.gov

cve-2009-1934

cross-site scripting

xss

vulnerability

sun java system web server

gateway error

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.003

Percentile

70.5%

JSON

Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.

Affected configurations

Nvd

Node

sunjava_system_web_serverMatch6.1sp10aix

sunjava_system_web_serverMatch6.1sp4aix

sunjava_system_web_serverMatch6.1sp5aix

sunjava_system_web_serverMatch6.1sp6aix

sunjava_system_web_serverMatch6.1sp7aix

sunjava_system_web_serverMatch6.1sp8aix

sunjava_system_web_serverMatch6.1sp9aix

sunone_web_serverMatch6.1aix

sunone_web_serverMatch6.1sp1aix

sunone_web_serverMatch6.1sp2aix

sunone_web_serverMatch6.1sp3aix

Node

sunjava_system_web_serverMatch6.1sp10hp_ux

sunjava_system_web_serverMatch6.1sp4hp_ux

sunjava_system_web_serverMatch6.1sp5hp_ux

sunjava_system_web_serverMatch6.1sp6hp_ux

sunjava_system_web_serverMatch6.1sp7hp_ux

sunjava_system_web_serverMatch6.1sp8hp_ux

sunjava_system_web_serverMatch6.1sp9hp_ux

sunone_web_serverMatch6.1hp_ux

sunone_web_serverMatch6.1sp1hp_ux

sunone_web_serverMatch6.1sp2hp_ux

sunone_web_serverMatch6.1sp3hp_ux

Node

sunjava_system_web_serverMatch6.1sp10linux

sunjava_system_web_serverMatch6.1sp4linux

sunjava_system_web_serverMatch6.1sp5linux

sunjava_system_web_serverMatch6.1sp6linux

sunjava_system_web_serverMatch6.1sp7linux

sunjava_system_web_serverMatch6.1sp8linux

sunjava_system_web_serverMatch6.1sp9linux

sunone_web_serverMatch6.1linux

sunone_web_serverMatch6.1sp1linux

sunone_web_serverMatch6.1sp2linux

sunone_web_serverMatch6.1sp3linux

Node

sunjava_system_web_serverMatch6.1sp10windows

sunjava_system_web_serverMatch6.1sp4windows

sunjava_system_web_serverMatch6.1sp5windows

sunjava_system_web_serverMatch6.1sp6windows

sunjava_system_web_serverMatch6.1sp7windows

sunjava_system_web_serverMatch6.1sp8windows

sunjava_system_web_serverMatch6.1sp9windows

sunone_web_serverMatch6.1windows

sunone_web_serverMatch6.1sp1windows

sunone_web_serverMatch6.1sp2windows

sunone_web_serverMatch6.1sp3windows

Node

sunjava_system_web_serverMatch6.1sp10sparc

sunjava_system_web_serverMatch6.1sp4sparc

sunjava_system_web_serverMatch6.1sp5sparc

sunjava_system_web_serverMatch6.1sp6sparc

sunjava_system_web_serverMatch6.1sp7sparc

sunjava_system_web_serverMatch6.1sp8sparc

sunjava_system_web_serverMatch6.1sp9sparc

sunone_web_serverMatch6.1sparc

sunone_web_serverMatch6.1sp1sparc

sunone_web_serverMatch6.1sp2sparc

sunone_web_serverMatch6.1sp3sparc

Node

sunjava_system_web_serverMatch6.1sp10x86

sunjava_system_web_serverMatch6.1sp4x86

sunjava_system_web_serverMatch6.1sp48x86

sunjava_system_web_serverMatch6.1sp5x86

sunjava_system_web_serverMatch6.1sp6x86

sunjava_system_web_serverMatch6.1sp7x86

sunjava_system_web_serverMatch6.1sp9x86

sunone_web_serverMatch6.1x86

sunone_web_serverMatch6.1sp1x86

sunone_web_serverMatch6.1sp2x86

sunone_web_serverMatch6.1sp3x86

VendorProductVersionCPE
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp10:aix:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp4:aix:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp5:aix:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp6:aix:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp7:aix:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp8:aix:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp9:aix:*:*:*:*:*
sunone_web_server6.1cpe:2.3:a:sun:one_web_server:6.1:*:aix:*:*:*:*:*
sunone_web_server6.1cpe:2.3:a:sun:one_web_server:6.1:sp1:aix:*:*:*:*:*
sunone_web_server6.1cpe:2.3:a:sun:one_web_server:6.1:sp2:aix:*:*:*:*:*

Vendor	Product	Version	CPE
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp10:aix:::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp4:aix:::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp5:aix:::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp6:aix:::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp7:aix:::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp8:aix:::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp9:aix:::::*
sun	one_web_server	6.1	cpe:2.3:a:sun:one_web_server:6.1::aix:::::
sun	one_web_server	6.1	cpe:2.3:a:sun:one_web_server:6.1:sp1:aix:::::*
sun	one_web_server	6.1	cpe:2.3:a:sun:one_web_server:6.1:sp2:aix:::::*

Rows per page:

1-10 of 661

References

osvdb.org/54872

secunia.com/advisories/35338

sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1

sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1

support.avaya.com/elmodocs2/security/ASA-2009-211.htm

www.securityfocus.com/bid/35204

www.securitytracker.com/id?1022334

www.vupen.com/english/advisories/2009/1500

exchange.xforce.ibmcloud.com/vulnerabilities/50951

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.003

Percentile

70.5%

JSON

Related for CVE-2009-1934