CVE-2006-6276 - OpenCVE

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Sun	One Application Server Java System Web Proxy Server Java System Web Server Java System Application Server

Configuration 1 [-]

OR	cpe:2.3:a:sun:java_system_application_server:7.0:::::::*
	cpe:2.3:a:sun:java_system_application_server:8.1:::::::*
	cpe:2.3:a:sun:java_system_web_proxy_server:-:::::::*
	cpe:2.3:a:sun:java_system_web_proxy_server:3.6:::::::*
	cpe:2.3:a:sun:java_system_web_proxy_server:4.0:::::::*
	cpe:2.3:a:sun:java_system_web_server:6.0:::::::*
	cpe:2.3:a:sun:java_system_web_server:6.1:::::::*
	cpe:2.3:a:sun:one_application_server:7.0:::::::*

References

Link	Resource
http://secunia.com/advisories/23186	Broken Link
http://securitytracker.com/id?1017322	Broken Link Third Party Advisory VDB Entry
http://securitytracker.com/id?1017323	Broken Link Third Party Advisory VDB Entry
http://securitytracker.com/id?1017324	Broken Link Third Party Advisory VDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1	Broken Link Patch
http://www.securityfocus.com/bid/21371	Broken Link Patch Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2006/4793	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/30662	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-04T11:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2006-12-03T00:00:00

Link: CVE-2006-6276

JSON object: View

NVD Information

Status : Analyzed

Published: 2006-12-04T11:28:00.000

Modified: 2024-02-09T02:34:42.803

Link: CVE-2006-6276

JSON object: View

Redhat Information

No data.

CWE

CWE-444

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-30T00:00:00", "descriptions": [{"lang": "en", "value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "102733", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"}, {"name": "23186", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23186"}, {"name": "1017324", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017324"}, {"name": "sunserver-proxy-csrf(30662)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"}, {"name": "ADV-2006-4793", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4793"}, {"name": "21371", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21371"}, {"name": "1017323", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017323"}, {"name": "1017322", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017322"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6276", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "102733", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"}, {"name": "23186", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23186"}, {"name": "1017324", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017324"}, {"name": "sunserver-proxy-csrf(30662)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"}, {"name": "ADV-2006-4793", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4793"}, {"name": "21371", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21371"}, {"name": "1017323", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017323"}, {"name": "1017322", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017322"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6276", "datePublished": "2006-12-04T11:00:00", "dateReserved": "2006-12-03T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "EAB26B3D-4DF0-45C2-9ECA-202C829392D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "721D0068-2664-4E92-9D96-9007F2120450", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "9134A420-1A6E-48C0-A6CE-5AE555FC0D94", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "D36EE342-0A55-4F2E-9037-14C0975CEA9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB8D89B7-2C74-4CDC-8708-D9FACC4DE7C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "044D96F6-7A18-4295-A665-16F1A6630963", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "56BB3993-C089-421F-987E-D6294E8C909E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors."}, {"lang": "es", "value": "Vulnerabilidad de contrabando de petici\u00f3n HTTP en Sun Java System Proxy Server anterior al 30/11/2006, cuando se usa con Sun Java System Application Server o Sun Java System Web Server, permite a atacantes remotos evitar el filtrado de petici\u00f3n HTTP, secuestrar sesiones web, realizar ataques de secuencias de comandos en sitios cruzados (XSS), y falsear la cach\u00e9 web mediante vectores de ataque no especificados."}], "id": "CVE-2006-6276", "lastModified": "2024-02-09T02:34:42.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-04T11:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/23186"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1017322"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1017323"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1017324"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Patch"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Patch", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/21371"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2006/4793"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Primary"}]}