6.8

CVE-2009-1357

Exploit
CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunJava System Delegated Administrator Version6.2 Update- Editionsparc
SunJava System Delegated Administrator Version6.3 Update- Editionsparc
SunJava System Delegated Administrator Version6.4 Update- Editionsparc
SunJava System Delegated Administrator Version6.2 Update- Editionx86
SunJava System Delegated Administrator Version6.3 Update- Editionx86
SunJava System Delegated Administrator Version6.4 Update- Editionx86
SunJava System Delegated Administrator Version6.2 Update- Editionlinux
SunJava System Delegated Administrator Version6.3 Update- Editionlinux
SunJava System Delegated Administrator Version6.4 Update- Editionlinux
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.18% 0.935
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/53920
http://secunia.com/advisories/34760
Vendor Advisory
http://securitytracker.com/id?1022108
Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-21-121581-20-1
Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-66-255928-1
Patch
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020305.1-1
http://www.coresecurity.com/content/sun-delegated-administrator
http://www.securityfocus.com/archive/1/502863/100/0/threaded
http://www.securityfocus.com/bid/34643
Exploit
http://www.vupen.com/english/advisories/2009/1122
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/50004