Lucene search

[email protected]NVD:CVE-2009-1934

HistoryJun 05, 2009 - 4:00 p.m.

CVE-2009-1934

2009-06-0516:00:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.003

Percentile

70.5%

JSON

Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.

Affected configurations

Nvd

Node

sunjava_system_web_serverMatch6.1sp10aix

sunjava_system_web_serverMatch6.1sp4aix

sunjava_system_web_serverMatch6.1sp5aix

sunjava_system_web_serverMatch6.1sp6aix

sunjava_system_web_serverMatch6.1sp7aix

sunjava_system_web_serverMatch6.1sp8aix

sunjava_system_web_serverMatch6.1sp9aix

sunone_web_serverMatch6.1aix

sunone_web_serverMatch6.1sp1aix

sunone_web_serverMatch6.1sp2aix

sunone_web_serverMatch6.1sp3aix

Node

sunjava_system_web_serverMatch6.1sp10hp_ux

sunjava_system_web_serverMatch6.1sp4hp_ux

sunjava_system_web_serverMatch6.1sp5hp_ux

sunjava_system_web_serverMatch6.1sp6hp_ux

sunjava_system_web_serverMatch6.1sp7hp_ux

sunjava_system_web_serverMatch6.1sp8hp_ux

sunjava_system_web_serverMatch6.1sp9hp_ux

sunone_web_serverMatch6.1hp_ux

sunone_web_serverMatch6.1sp1hp_ux

sunone_web_serverMatch6.1sp2hp_ux

sunone_web_serverMatch6.1sp3hp_ux

Node

sunjava_system_web_serverMatch6.1sp10linux

sunjava_system_web_serverMatch6.1sp4linux

sunjava_system_web_serverMatch6.1sp5linux

sunjava_system_web_serverMatch6.1sp6linux

sunjava_system_web_serverMatch6.1sp7linux

sunjava_system_web_serverMatch6.1sp8linux

sunjava_system_web_serverMatch6.1sp9linux

sunone_web_serverMatch6.1linux

sunone_web_serverMatch6.1sp1linux

sunone_web_serverMatch6.1sp2linux

sunone_web_serverMatch6.1sp3linux

Node

sunjava_system_web_serverMatch6.1sp10windows

sunjava_system_web_serverMatch6.1sp4windows

sunjava_system_web_serverMatch6.1sp5windows

sunjava_system_web_serverMatch6.1sp6windows

sunjava_system_web_serverMatch6.1sp7windows

sunjava_system_web_serverMatch6.1sp8windows

sunjava_system_web_serverMatch6.1sp9windows

sunone_web_serverMatch6.1windows

sunone_web_serverMatch6.1sp1windows

sunone_web_serverMatch6.1sp2windows

sunone_web_serverMatch6.1sp3windows

Node

sunjava_system_web_serverMatch6.1sp10sparc

sunjava_system_web_serverMatch6.1sp4sparc

sunjava_system_web_serverMatch6.1sp5sparc

sunjava_system_web_serverMatch6.1sp6sparc

sunjava_system_web_serverMatch6.1sp7sparc

sunjava_system_web_serverMatch6.1sp8sparc

sunjava_system_web_serverMatch6.1sp9sparc

sunone_web_serverMatch6.1sparc

sunone_web_serverMatch6.1sp1sparc

sunone_web_serverMatch6.1sp2sparc

sunone_web_serverMatch6.1sp3sparc

Node

sunjava_system_web_serverMatch6.1sp10x86

sunjava_system_web_serverMatch6.1sp4x86

sunjava_system_web_serverMatch6.1sp48x86

sunjava_system_web_serverMatch6.1sp5x86

sunjava_system_web_serverMatch6.1sp6x86

sunjava_system_web_serverMatch6.1sp7x86

sunjava_system_web_serverMatch6.1sp9x86

sunone_web_serverMatch6.1x86

sunone_web_serverMatch6.1sp1x86

sunone_web_serverMatch6.1sp2x86

sunone_web_serverMatch6.1sp3x86

VendorProductVersionCPE
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp10:aix:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp4:aix:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp5:aix:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp6:aix:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp7:aix:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp8:aix:*:*:*:*:*
sunjava_system_web_server6.1cpe:2.3:a:sun:java_system_web_server:6.1:sp9:aix:*:*:*:*:*
sunone_web_server6.1cpe:2.3:a:sun:one_web_server:6.1:*:aix:*:*:*:*:*
sunone_web_server6.1cpe:2.3:a:sun:one_web_server:6.1:sp1:aix:*:*:*:*:*
sunone_web_server6.1cpe:2.3:a:sun:one_web_server:6.1:sp2:aix:*:*:*:*:*

Vendor	Product	Version	CPE
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp10:aix:::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp4:aix:::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp5:aix:::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp6:aix:::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp7:aix:::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp8:aix:::::*
sun	java_system_web_server	6.1	cpe:2.3:a:sun:java_system_web_server:6.1:sp9:aix:::::*
sun	one_web_server	6.1	cpe:2.3:a:sun:one_web_server:6.1::aix:::::
sun	one_web_server	6.1	cpe:2.3:a:sun:one_web_server:6.1:sp1:aix:::::*
sun	one_web_server	6.1	cpe:2.3:a:sun:one_web_server:6.1:sp2:aix:::::*

Rows per page:

1-10 of 661

References

osvdb.org/54872

secunia.com/advisories/35338

sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1

sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1

support.avaya.com/elmodocs2/security/ASA-2009-211.htm

www.securityfocus.com/bid/35204

www.securitytracker.com/id?1022334

www.vupen.com/english/advisories/2009/1500

exchange.xforce.ibmcloud.com/vulnerabilities/50951

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.003

Percentile

70.5%

JSON

Related for NVD:CVE-2009-1934

nessus10 openvas4 prion1 cve1 cvelist1