Vulnerability Details CVE-2006-2501
Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.066
EPSS Ranking 90.6%
CVSS Severity
CVSS v2 Score 6.8
References
- http://jvn.jp/jp/JVN%2303D5EAA8/index.html
- http://secunia.com/advisories/20147
- http://securitytracker.com/id?1016125
- http://securitytracker.com/id?1016126
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1
- http://www.kb.cert.org/vuls/id/114956
- http://www.securityfocus.com/bid/18035
- http://www.vupen.com/english/advisories/2006/1866
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26550
- http://jvn.jp/jp/JVN%2303D5EAA8/index.html
- http://secunia.com/advisories/20147
- http://securitytracker.com/id?1016125
- http://securitytracker.com/id?1016126
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102164-1
- http://www.kb.cert.org/vuls/id/114956
- http://www.securityfocus.com/bid/18035
- http://www.vupen.com/english/advisories/2006/1866
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26550
Products affected by CVE-2006-2501
-
cpe:2.3:a:sun:java_system_application_server:*
-
cpe:2.3:a:sun:java_system_web_server:6.1
-
cpe:2.3:a:sun:one_application_server:*
-
cpe:2.3:a:sun:one_application_server:6.0
-
cpe:2.3:a:sun:one_application_server:7.0
-
cpe:2.3:a:sun:one_web_server:4.1
-
cpe:2.3:a:sun:one_web_server:6.0