CVE-2009-1934

EPSS 0.6%
Veröffentlicht 05.06.2009 16:00:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sun ≫ Java System Web Server Version6.1 Updatesp10 Editionaix

Sun ≫ Java System Web Server Version6.1 Updatesp4 Editionaix

Sun ≫ Java System Web Server Version6.1 Updatesp5 Editionaix

Sun ≫ Java System Web Server Version6.1 Updatesp6 Editionaix

Sun ≫ Java System Web Server Version6.1 Updatesp7 Editionaix

Sun ≫ Java System Web Server Version6.1 Updatesp8 Editionaix

Sun ≫ Java System Web Server Version6.1 Updatesp9 Editionaix

Sun ≫ One Web Server Version6.1 Editionaix

Sun ≫ One Web Server Version6.1 Updatesp1 Editionaix

Sun ≫ One Web Server Version6.1 Updatesp2 Editionaix

Sun ≫ One Web Server Version6.1 Updatesp3 Editionaix

Sun ≫ Java System Web Server Version6.1 Updatesp10 Editionhp_ux

Sun ≫ Java System Web Server Version6.1 Updatesp4 Editionhp_ux

Sun ≫ Java System Web Server Version6.1 Updatesp5 Editionhp_ux

Sun ≫ Java System Web Server Version6.1 Updatesp6 Editionhp_ux

Sun ≫ Java System Web Server Version6.1 Updatesp7 Editionhp_ux

Sun ≫ Java System Web Server Version6.1 Updatesp8 Editionhp_ux

Sun ≫ Java System Web Server Version6.1 Updatesp9 Editionhp_ux

Sun ≫ One Web Server Version6.1 Editionhp_ux

Sun ≫ One Web Server Version6.1 Updatesp1 Editionhp_ux

Sun ≫ One Web Server Version6.1 Updatesp2 Editionhp_ux

Sun ≫ One Web Server Version6.1 Updatesp3 Editionhp_ux

Sun ≫ Java System Web Server Version6.1 Updatesp10 Editionlinux

Sun ≫ Java System Web Server Version6.1 Updatesp4 Editionlinux

Sun ≫ Java System Web Server Version6.1 Updatesp5 Editionlinux

Sun ≫ Java System Web Server Version6.1 Updatesp6 Editionlinux

Sun ≫ Java System Web Server Version6.1 Updatesp7 Editionlinux

Sun ≫ Java System Web Server Version6.1 Updatesp8 Editionlinux

Sun ≫ Java System Web Server Version6.1 Updatesp9 Editionlinux

Sun ≫ One Web Server Version6.1 Editionlinux

Sun ≫ One Web Server Version6.1 Updatesp1 Editionlinux

Sun ≫ One Web Server Version6.1 Updatesp2 Editionlinux

Sun ≫ One Web Server Version6.1 Updatesp3 Editionlinux

Sun ≫ Java System Web Server Version6.1 Updatesp10 Editionwindows

Sun ≫ Java System Web Server Version6.1 Updatesp4 Editionwindows

Sun ≫ Java System Web Server Version6.1 Updatesp5 Editionwindows

Sun ≫ Java System Web Server Version6.1 Updatesp6 Editionwindows

Sun ≫ Java System Web Server Version6.1 Updatesp7 Editionwindows

Sun ≫ Java System Web Server Version6.1 Updatesp8 Editionwindows

Sun ≫ Java System Web Server Version6.1 Updatesp9 Editionwindows

Sun ≫ One Web Server Version6.1 Editionwindows

Sun ≫ One Web Server Version6.1 Updatesp1 Editionwindows

Sun ≫ One Web Server Version6.1 Updatesp2 Editionwindows

Sun ≫ One Web Server Version6.1 Updatesp3 Editionwindows

Sun ≫ Java System Web Server Version6.1 Updatesp10 Editionsparc

Sun ≫ Java System Web Server Version6.1 Updatesp4 Editionsparc

Sun ≫ Java System Web Server Version6.1 Updatesp5 Editionsparc

Sun ≫ Java System Web Server Version6.1 Updatesp6 Editionsparc

Sun ≫ Java System Web Server Version6.1 Updatesp7 Editionsparc

Sun ≫ Java System Web Server Version6.1 Updatesp8 Editionsparc

Sun ≫ Java System Web Server Version6.1 Updatesp9 Editionsparc

Sun ≫ One Web Server Version6.1 Editionsparc

Sun ≫ One Web Server Version6.1 Updatesp1 Editionsparc

Sun ≫ One Web Server Version6.1 Updatesp2 Editionsparc

Sun ≫ One Web Server Version6.1 Updatesp3 Editionsparc

Sun ≫ Java System Web Server Version6.1 Updatesp10 Editionx86

Sun ≫ Java System Web Server Version6.1 Updatesp4 Editionx86

Sun ≫ Java System Web Server Version6.1 Updatesp48 Editionx86

Sun ≫ Java System Web Server Version6.1 Updatesp5 Editionx86

Sun ≫ Java System Web Server Version6.1 Updatesp6 Editionx86

Sun ≫ Java System Web Server Version6.1 Updatesp7 Editionx86

Sun ≫ Java System Web Server Version6.1 Updatesp9 Editionx86

Sun ≫ One Web Server Version6.1 Editionx86

Sun ≫ One Web Server Version6.1 Updatesp1 Editionx86

Sun ≫ One Web Server Version6.1 Updatesp2 Editionx86

Sun ≫ One Web Server Version6.1 Updatesp3 Editionx86

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.6%	0.67

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://osvdb.org/54872

http://secunia.com/advisories/35338

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1

Patch

http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1

Patch

Vendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm

http://www.securityfocus.com/bid/35204

http://www.securitytracker.com/id?1022334

http://www.vupen.com/english/advisories/2009/1500

https://exchange.xforce.ibmcloud.com/vulnerabilities/50951

https://nvd.nist.gov/vuln/detail/CVE-2009-1934

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1934

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1934

EUVD