CVE-2007-6572

Sun Java System Web Server <7.0 - XSS

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43978
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26978
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28216
Patch vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4313

Scores

EPSS 0.0031
EPSS Percentile 54.5%

Details

CWE
CWE-79
Status published
Products (9)
sun/java_system_web_proxy_server 3.6 (11 CPE variants)
sun/java_system_web_proxy_server 4.0 (2 CPE variants)
sun/java_system_web_proxy_server 4.0.2
sun/java_system_web_proxy_server 4.0.3
sun/java_system_web_proxy_server 4.0.4
sun/java_system_web_proxy_server 4.0.5
sun/java_system_web_server 6.0 (11 CPE variants)
sun/java_system_web_server 6.1 (8 CPE variants)
sun/java_system_web_server 7.0
Published Dec 28, 2007
Tracked Since Feb 18, 2026