CVE-2006-2501
Last modified
CVE-2006-2501 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.. EPSS estimates a 3.40% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Sun | Java System Application Server | <= 7.0 | Ur2 |
| Sun | Java System Web Server | <= 6.1 | Sp4 |
| Sun | Java System Web Server | 6.1 | — |
| Sun | One Application Server | <= 7.0 | Update 6 |
| Sun | One Application Server | 6.0 | — |
| Sun | One Application Server | 7.0 | — |
| Sun | One Web Server | <= 6.0 | Sp9 |
| Sun | One Web Server | 6.0 | Sp3 |
References
- http://secunia.com/advisories/20147Patch, Vendor Advisory
- http://www.kb.cert.org/vuls/id/114956US Government Resource
- http://secunia.com/advisories/20147Patch, Vendor Advisory
- http://www.kb.cert.org/vuls/id/114956US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-2501?
How severe is CVE-2006-2501?
How do I fix CVE-2006-2501?
Are you affected by CVE-2006-2501?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST