HTTP Request Smuggling Vulnerability in Sun Java System Proxy Server
CVE-2006-6276

Currently unrated

Key Information:

Vendor: Oracle
Status: One Application Server; Java System Web Server; Java System Web Proxy Server; Java System Application Server
Vendor: CVE Published:; 4 December 2006

Summary

The vulnerability arises from improper processing of HTTP requests in Sun Java System Proxy Server, which can allow remote attackers to manipulate web traffic. This could enable them to bypass HTTP request filtering and execute harmful actions, including hijacking user sessions and injecting malicious scripts (XSS). Additionally, this flaw can facilitate the poisoning of web caches, leading to further security risks for users and applications relying on the affected servers.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

http://secunia.com/advisories/23186

third-party-advisoryx_refsource_SECUNIA

http://securitytracker.com/id?1017324

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Dec 4, 2006
Vulnerability Reserved
Dec 3, 2006