Vulnerability Description
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Java System Application Server | 7.0 |
| Sun | Java System Web Proxy Server | - |
| Sun | Java System Web Server | 6.0 |
| Sun | One Application Server | 7.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/23186 (Broken Link)
- http://securitytracker.com/id?1017322 (Broken Link, Third Party Advisory, VDB Entry)
- http://securitytracker.com/id?1017323 (Broken Link, Third Party Advisory, VDB Entry)
- http://securitytracker.com/id?1017324 (Broken Link, Third Party Advisory, VDB Entry)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1 (Broken Link, Patch)
- http://www.securityfocus.com/bid/21371 (Broken Link, Patch, Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/4793 (Broken Link)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30662 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2006-6276?
CVE-2006-6276 is a vulnerability with a CVSS score of 6.8 (MEDIUM). HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass...
How severe is CVE-2006-6276?
CVE-2006-6276 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6276?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Java System Application Server, Sun Java System Web Proxy Server, Sun Java System Web Server, Sun One Application Server.