CVE-2007-6571

EPSS 0.29%
Published 28.12.2007 21:46:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Sun ≫ Java System Web Proxy Server Version3.6

Sun ≫ Java System Web Proxy Server Version3.6 Updatesp1

Sun ≫ Java System Web Proxy Server Version3.6 Updatesp10

Sun ≫ Java System Web Proxy Server Version3.6 Updatesp2

Sun ≫ Java System Web Proxy Server Version3.6 Updatesp3

Sun ≫ Java System Web Proxy Server Version3.6 Updatesp4

Sun ≫ Java System Web Proxy Server Version3.6 Updatesp5

Sun ≫ Java System Web Proxy Server Version3.6 Updatesp6

Sun ≫ Java System Web Proxy Server Version3.6 Updatesp7

Sun ≫ Java System Web Proxy Server Version3.6 Updatesp8

Sun ≫ Java System Web Proxy Server Version3.6 Updatesp9

Sun ≫ Java System Web Proxy Server Version4.0

Sun ≫ Java System Web Proxy Server Version4.0 Updatesp1

Sun ≫ Java System Web Proxy Server Version4.0.2

Sun ≫ Java System Web Proxy Server Version4.0.3

Sun ≫ Java System Web Proxy Server Version4.0.4

Sun ≫ Java System Web Proxy Server Version4.0.5

Sun ≫ Java System Web Server Version6.0

Sun ≫ Java System Web Server Version6.0 Updatesp1

Sun ≫ Java System Web Server Version6.0 Updatesp10

Sun ≫ Java System Web Server Version6.0 Updatesp2

Sun ≫ Java System Web Server Version6.0 Updatesp3

Sun ≫ Java System Web Server Version6.0 Updatesp4

Sun ≫ Java System Web Server Version6.0 Updatesp5

Sun ≫ Java System Web Server Version6.0 Updatesp6

Sun ≫ Java System Web Server Version6.0 Updatesp7

Sun ≫ Java System Web Server Version6.0 Updatesp8

Sun ≫ Java System Web Server Version6.0 Updatesp9

Sun ≫ Java System Web Server Version6.1

Sun ≫ Java System Web Server Version6.1 Updatesp1

Sun ≫ Java System Web Server Version6.1 Updatesp2

Sun ≫ Java System Web Server Version6.1 Updatesp3

Sun ≫ Java System Web Server Version6.1 Updatesp4

Sun ≫ Java System Web Server Version6.1 Updatesp5

Sun ≫ Java System Web Server Version6.1 Updatesp6

Sun ≫ Java System Web Server Version6.1 Updatesp7

Sun ≫ Java System Web Server Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.29%	0.496

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/28216

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1

http://www.securityfocus.com/bid/26978

Patch

http://www.vupen.com/english/advisories/2007/4313

https://exchange.xforce.ibmcloud.com/vulnerabilities/43977

https://nvd.nist.gov/vuln/detail/CVE-2007-6571

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6571

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6571

EUVD