Cross-Site Scripting Vulnerability in Sun ONE and Java System Web Servers
CVE-2006-2501

Currently unrated

Key Information:

Vendor: Oracle
Status: One Application Server; One Web Server; Java System Web Server; Java System Application Server
Vendor: CVE Published:; 20 May 2006

Summary

A cross-site scripting (XSS) vulnerability exists in the Sun ONE Web Server and Java System Web Server, as well as their respective application servers. This flaw could permit remote attackers to inject potentially malicious web scripts or HTML through unknown attack vectors, possibly taking advantage of vulnerabilities in error messages displayed by the servers. Successful exploitation of this vulnerability could lead to unauthorized actions and data exposure for users interacting with the affected web applications.

References

http://www.securityfocus.com/bid/18035

vdb-entryx_refsource_BID

http://securitytracker.com/id?1016125

vdb-entryx_refsource_SECTRACK

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 20, 2006
Vulnerability Reserved
May 19, 2006