{ "id": "CVE-2006-6276", "sourceIdentifier": "cve@mitre.org", "published": "2006-12-04T11:28:00.000", "lastModified": "2017-07-29T01:29:26.530", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors." }, { "lang": "es", "value": "Vulnerabilidad de contrabando de petici\u00f3n HTTP en Sun Java System Proxy Server anterior al 30/11/2006, cuando se usa con Sun Java System Application Server o Sun Java System Web Server, permite a atacantes remotos evitar el filtrado de petici\u00f3n HTTP, secuestrar sesiones web, realizar ataques de secuencias de comandos en sitios cruzados (XSS), y falsear la cach\u00e9 web mediante vectores de ataque no especificados." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "EAB26B3D-4DF0-45C2-9ECA-202C829392D4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur1:enterprise:*:*:*:*:*", "matchCriteriaId": "2F40832C-EA2D-4AEF-9C98-36795D36BA06" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur1:standard:*:*:*:*:*", "matchCriteriaId": "9F076EB9-CE31-456E-B7E9-B9F4C26CB0DC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur2:enterprise:*:*:*:*:*", "matchCriteriaId": "7805CF93-C1EC-4698-95A6-CAB9C26EEAB9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur2:standard:*:*:*:*:*", "matchCriteriaId": "951B75FF-9190-4AF7-BE9D-23C2114F71DC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur3:enterprise:*:*:*:*:*", "matchCriteriaId": "D30859F7-97BE-4D6F-A9A8-EE12E8BC6201" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur3:standard:*:*:*:*:*", "matchCriteriaId": "D254F827-8A6C-496F-A6A0-667EF4F1D526" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*", "matchCriteriaId": "D9F68042-8C22-447E-8C6B-F44DEE5BF389" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:platform:*:*:*:*:*", "matchCriteriaId": "7659FD2B-6F83-44F1-B4A1-94D106B4C686" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:standard:*:*:*:*:*", "matchCriteriaId": "1379A19D-72CF-490C-871E-B67BA40547E6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:ur1:platform:*:*:*:*:*", "matchCriteriaId": "E2A9B4B2-B844-411F-B4C7-9AC60C37A5A3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "D36EE342-0A55-4F2E-9037-14C0975CEA9E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp1:*:*:*:*:*:*", "matchCriteriaId": "DD35DA64-83B8-4EF4-94E8-D692E6FDD0AD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp2:*:*:*:*:*:*", "matchCriteriaId": "BB5D85FB-D4A6-4518-BBD9-8D021446E433" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp3:*:*:*:*:*:*", "matchCriteriaId": "A1102A86-8FB6-418E-808E-A6B94016E0B0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp4:*:*:*:*:*:*", "matchCriteriaId": "E6A1EC8B-311D-4D34-A669-FF52B29BB5C3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp5:*:*:*:*:*:*", "matchCriteriaId": "66EA6738-9134-402C-AA74-68298F45B60F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp6:*:*:*:*:*:*", "matchCriteriaId": "4AB54F05-CBE0-4A3B-9941-A5509BF40EA1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp7:*:*:*:*:*:*", "matchCriteriaId": "BBA027B0-8996-4CBF-881D-D393C3508944" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB8D89B7-2C74-4CDC-8708-D9FACC4DE7C3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "57DC2FBE-6556-4113-83BF-ABCAC70CBDE6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "3DA512F0-B382-407E-B75D-5D2D15E185BB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "16727FF1-3CD7-4667-A2BA-2241A3AFEED3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "F60E165E-5B62-4D46-941D-E84603516D23" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "FF6BCC24-EADB-4EB8-9142-01D34C307C45" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp6:*:*:*:*:*:*", "matchCriteriaId": "05017BA4-C9FC-4F7D-A5FE-9CE763CFE3E7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp7:*:*:*:*:*:*", "matchCriteriaId": "DCC700F7-8675-441A-8AB7-CEFF84639E7F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp8:*:*:*:*:*:*", "matchCriteriaId": "7BE04EB1-CDBD-4AA2-9513-826637F14771" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp9:*:*:*:*:*:*", "matchCriteriaId": "EBD38B0A-EB9B-4556-B6DE-A7598ACC04AE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "C878B2FD-88A1-44E2-9234-C40CA1DDC5BC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:platform:*:*:*:*:*", "matchCriteriaId": "0F6B3BC6-9A4B-40E7-A540-9BCFC3D02E66" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:standard:*:*:*:*:*", "matchCriteriaId": "9760BDBA-E5FD-4AFF-ACB8-4C8B55CC3A61" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:one_application_server:7.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "1A460F62-4594-447A-9D0B-9C1DBBDE9852" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur1:platform:*:*:*:*:*", "matchCriteriaId": "37553E5D-7B68-40C4-B970-FA0D02B7D3D9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur1:standard:*:*:*:*:*", "matchCriteriaId": "3D089210-2135-4D41-92AD-51FB97AB343E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur2:platform:*:*:*:*:*", "matchCriteriaId": "C2C8EF3B-1A44-4D15-B2BE-FC970281760C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur2:standard:*:*:*:*:*", "matchCriteriaId": "E3597345-9D0B-492B-99BC-1C992EBF7CD5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur6:platform:*:*:*:*:*", "matchCriteriaId": "2E93217B-0307-4E04-BD02-50AD5AD35072" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur6:standard:*:*:*:*:*", "matchCriteriaId": "B77E35C5-FF8B-4BB5-A12E-E9B6485E207A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur7:platform:*:*:*:*:*", "matchCriteriaId": "3F7BD264-7418-4A48-9B67-BB90A9566E7A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur7:standard:*:*:*:*:*", "matchCriteriaId": "11BB061E-ECF0-49F3-A3A8-378284A4F983" } ] } ] } ], "references": [ { "url": "http://securitytracker.com/id?1017322", "source": "cve@mitre.org" }, { "url": "http://securitytracker.com/id?1017323", "source": "cve@mitre.org" }, { "url": "http://securitytracker.com/id?1017324", "source": "cve@mitre.org" }, { "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "http://www.securityfocus.com/bid/21371", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "http://www.vupen.com/english/advisories/2006/4793", "source": "cve@mitre.org" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662", "source": "cve@mitre.org" } ] }