CVE & Exploit Intelligence Database

Updated 2h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,847 CVEs tracked 53,242 with exploits 4,725 exploited in wild 1,540 CISA KEV 3,918 Nuclei templates 37,802 vendors 42,493 researchers

32 results Clear all

CVE-2010-0389 EPSS 0.00

SUN Java System Web Server - Denial of Service

The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token.

CVE-2010-0388 1 PoC Analysis EPSS 0.02

SUN Java System Web Server - Format String Vulnerability

Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.

CWE-134 Jan 25, 2010

CVE-2010-0387 1 PoC Analysis EPSS 0.19

SUN Java System Web Server - Memory Corruption

Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header.

CWE-119 Jan 25, 2010

CVE-2010-0361 4 PoCs Analysis EPSS 0.88

SUN Java System Web Server - Memory Corruption

Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.

CWE-119 Jan 20, 2010

CVE-2010-0360 EPSS 0.01

SUN Java System Web Server - Improper Input Validation

Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.

CWE-20 Jan 20, 2010

CVE-2010-0273 EPSS 0.02

Sun Java System Web Server 7.0 Update 6 - RCE

Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

CVE-2010-0272 EPSS 0.01

SUN Java System Web Server - Memory Corruption

Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

CWE-119 Jan 08, 2010

CVE-2009-3878 EPSS 0.00

Sun Java System Web Server 7.0 Update 6 - Buffer Overflow

Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

CWE-119 Nov 05, 2009

CVE-2009-2713 EPSS 0.00

Sun Java System Access Manager <7.1 - Info Disclosure

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.

CVE-2009-2712 EPSS 0.00

Sun Java System Access Manager - Info Disclosure

Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.

CWE-264 Aug 07, 2009

CVE-2009-2445 EXPLOITED EPSS 0.01

Oracle iPlanet Web Server <7.0 - Info Disclosure

Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.

CWE-200 Jul 13, 2009

CVE-2009-1934 EPSS 0.01

Sun Java System Web Server 6.1 - XSS

Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.

CWE-79 Jun 05, 2009

CVE-2008-2518 EPSS 0.01

SUN Java System Web Server - XSS

Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter.

CWE-79 Jun 03, 2008

CVE-2008-2166 EPSS 0.01

SUN Java System Web Server - XSS

Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp.

CWE-79 May 13, 2008

CVE-2008-2120 EPSS 0.01

SUN Java System Application Server < 7.0 - Information Disclosure

Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors.

CWE-200 May 09, 2008

CVE-2007-6570 EPSS 0.01

Sun Java System Web Proxy Server <4.0.6 & <3.6 - XSS

Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.

CWE-79 Dec 28, 2007

CVE-2007-6571 EPSS 0.00

Sun Java System Web Proxy Server <3.6 - XSS

Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.

CWE-79 Dec 28, 2007

CVE-2007-6572 EPSS 0.00

Sun Java System Web Server <7.0 - XSS

Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.

CWE-79 Dec 28, 2007

CVE-2007-6569 EPSS 0.01

Sun Java System Web Proxy Server <4.0.6 - XSS

Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.

CWE-79 Dec 28, 2007

CVE-2007-4164 EPSS 0.02

Sun Java System Web Server <20070802 - CRLF Injection

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.