CVE-2006-6276

Sun Java System Proxy Server <20061130 - SSRF/XSS

Title source: llm

Description

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.

References (8)

[Broken Link, Patch] http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1

[Broken Link] http://secunia.com/advisories/23186

[Broken Link, Third Party Advisory, VDB Entry] http://securitytracker.com/id?1017324

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/30662

[Broken Link] http://www.vupen.com/english/advisories/2006/4793

[Broken Link, Patch, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/21371

[Broken Link, Third Party Advisory, VDB Entry] http://securitytracker.com/id?1017323

[Broken Link, Third Party Advisory, VDB Entry] http://securitytracker.com/id?1017322

Scores

EPSS 0.0123

EPSS Percentile 79.3%

Details

CWE

CWE-444

Status published

Products (8)

sun/java_system_application_server 7.0

sun/java_system_application_server 8.1

sun/java_system_web_proxy_server

sun/java_system_web_proxy_server 3.6

sun/java_system_web_proxy_server 4.0

sun/java_system_web_server 6.0

sun/java_system_web_server 6.1

sun/one_application_server 7.0

Published Dec 04, 2006

Tracked Since Feb 18, 2026