CVE-2006-6276

Severity

68%

Complexity

86%

Confidentiality

106%

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

Sun Java

First reported 18 years ago

2006-12-04 11:28:00

Last updated 7 years ago

2017-07-29 01:29:00

Affected Software

Sun Java System Application Server 7.0

7.0

Sun Java System Application Server 8.1 2005Q1 UR1 Platform

8.1

Sun Java System Web Proxy Server 3.6

3.6

Sun Java Web Proxy Server 3.6 SP1

3.6

Sun Java Web Proxy Server 3.6 SP2

3.6

Sun Java Web Proxy Server 3.6 SP3

3.6

Sun Java Web Proxy Server 3.6 SP4

3.6

Sun Java Web Proxy Server 3.6 SP5

3.6

Sun Java System Web Proxy Server 3.6 SP6

3.6

Sun Java Web Proxy Server 3.6 SP7

3.6

Sun Java Web Proxy Server 4.0

4.0

Sun Java System Web Server 6.0

6.0

Sun Java System Web Server 6.1

6.1

Sun Java System Web Server 6.1 SP1

6.1

Sun Java System Web Server 6.1 SP2

6.1

Sun Java System Web Server 6.1 SP3

6.1

Sun Java System Web Server 6.1 SP4

6.1

References

23186

1017322

1017323

1017324

102733

Patch

21371

Patch

ADV-2006-4793

sunserver-proxy-csrf(30662)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.