CVE-2006-6276

Currently unrated

Key Information:

Vendor: Oracle
Status: One Application Server; Java System Web Server; Java System Web Proxy Server; Java System Application Server
Vendor: CVE Published:; 4 December 2006

Summary

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

http://secunia.com/advisories/23186

third-party-advisoryx_refsource_SECUNIA

http://securitytracker.com/id?1017324

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Dec 4, 2006
Vulnerability Reserved
Dec 3, 2006