Description
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.
References (8)
Core 8
Core References
Broken Link, Patch vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23186
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017324
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30662
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4793
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21371
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017323
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017322
Scores
EPSS
0.0350
EPSS Percentile
87.6%
Details
CWE
CWE-444
Status
published
Products (8)
sun/java_system_application_server
7.0
sun/java_system_application_server
8.1
sun/java_system_web_proxy_server
sun/java_system_web_proxy_server
3.6
sun/java_system_web_proxy_server
4.0
sun/java_system_web_server
6.0
sun/java_system_web_server
6.1
sun/one_application_server
7.0
Published
Dec 04, 2006
Tracked Since
Feb 18, 2026