CVE-2010-3514

Oracle iPlanet Web Server <7.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3514. PoCs published by Roberto Suggi Liverani.

AI-analyzed exploit summary: This is a detailed writeup describing an HTTP Response Splitting vulnerability in Sun Java System Web Server 7.0, leading to Cross-Site Scripting (XSS) attacks. It includes a proof-of-concept example demonstrating how CR and LF characters can be injected into HTTP headers to split responses.

Description

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 6.1 and 7.0 allows remote attackers to affect integrity via unknown vectors related to Web Container.

Exploits (1)

exploitdb WRITEUP
by Roberto Suggi Liverani · text · webapps · jsp
https://www.exploit-db.com/exploits/15290


Classification: Writeup 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Sun Java System Web Server 7.0
No auth needed
Prerequisites: User-supplied input reflected in HTTP headers · Sun Java System Web Server 7.0
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-287A.html

Scores

EPSS 0.0449
EPSS Percentile 90.2%

Details

Status published
Products (2)
oracle/sun_products_suite 6.1
oracle/sun_products_suite 7.0
Published Oct 14, 2010
Tracked Since Feb 18, 2026