CVE-2006-3225 - OpenCVE

Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sun	One Application Server Java System Application Server

Configuration 1 [-]

OR	cpe:2.3:a:sun:java_system_application_server::ur4::::::*
	cpe:2.3:a:sun:java_system_application_server:8.1::enterprise:::::
	cpe:2.3:a:sun:one_application_server::update_8::::::*

References

Link	Resource
http://secunia.com/advisories/20835
http://securitytracker.com/id?1016378
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102479-1
http://www.securityfocus.com/bid/18635
http://www.vupen.com/english/advisories/2006/2508
https://exchange.xforce.ibmcloud.com/vulnerabilities/27392

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-06-26T16:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2006-06-26T00:00:00

Link: CVE-2006-3225

JSON object: View

NVD Information

Status : Modified

Published: 2006-06-26T16:05:00.000

Modified: 2017-07-20T01:32:08.880

Link: CVE-2006-3225

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20835", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20835"}, {"name": "18635", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18635"}, {"name": "102479", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102479-1"}, {"name": "ADV-2006-2508", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2508"}, {"name": "1016378", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016378"}, {"name": "sun-java-parameters-xss(27392)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27392"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3225", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20835", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20835"}, {"name": "18635", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18635"}, {"name": "102479", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102479-1"}, {"name": "ADV-2006-2508", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2508"}, {"name": "1016378", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016378"}, {"name": "sun-java-parameters-xss(27392)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27392"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3225", "datePublished": "2006-06-26T16:00:00", "dateReserved": "2006-06-26T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_system_application_server:*:ur4:*:*:*:*:*:*", "matchCriteriaId": "0AA2F7CD-790A-4F9B-B42E-3B3967818C8D", "versionEndIncluding": "7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*", "matchCriteriaId": "D9F68042-8C22-447E-8C6B-F44DEE5BF389", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:one_application_server:*:update_8:*:*:*:*:*:*", "matchCriteriaId": "990CB3BC-82FF-4480-B5B7-52761FF78BBA", "versionEndIncluding": "7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Sun ONE Application Server v7 anterior a actualizaci\u00f3n v9, Java System Application Server v7 2004Q2 anterior a actualizaci\u00f3n v5, y Java System Application Server Enterprise Edition v8.1 2005 Q1 permite a atacantes remotos inyecatr c\u00f3digo HTML o web a trav\u00e9s de vectores desconocidos. \r\n"}], "id": "CVE-2006-3225", "lastModified": "2017-07-20T01:32:08.880", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-26T16:05:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20835"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016378"}, {"source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102479-1"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18635"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2508"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27392"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}