CVE-2007-6570: XSS
First published: Fri Dec 28 2007(Updated: )
Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun Java System Web Server | =6.0-sp9 | |
| Sun Java System Web Server | =6.1-sp1 | |
| Oracle Sun Java System Web Proxy Server | =3.6-sp1 | |
| Sun Java System Web Server | =6.1-sp6 | |
| Sun Java System Web Server | =6.0-sp1 | |
| Oracle Sun Java System Web Proxy Server | =4.0-sp1 | |
| Oracle Sun Java System Web Proxy Server | =3.6-sp6 | |
| Oracle Sun Java System Web Proxy Server | =4.0.2 | |
| Sun Java System Web Server | =6.0-sp10 | |
| Sun Java System Web Server | =6.0 | |
| Oracle Sun Java System Web Proxy Server | =3.6-sp9 | |
| Oracle Sun Java System Web Proxy Server | =3.6-sp2 | |
| Sun Java System Web Server | =6.1-sp3 | |
| Sun Java System Web Server | =6.0-sp4 | |
| Sun Java System Web Server | =6.0-sp6 | |
| Oracle Sun Java System Web Proxy Server | =3.6-sp5 | |
| Sun Java System Web Server | =6.0-sp2 | |
| Oracle Sun Java System Web Proxy Server | =3.6-sp8 | |
| Sun Java System Web Server | =6.1 | |
| Sun Java System Web Server | =6.0-sp7 | |
| Sun Java System Web Server | =6.1-sp4 | |
| Oracle Sun Java System Web Proxy Server | =3.6-sp7 | |
| Oracle Sun Java System Web Proxy Server | =4.0 | |
| Oracle Sun Java System Web Proxy Server | =4.0.4 | |
| Oracle Sun Java System Web Proxy Server | =4.0.5 | |
| Sun Java System Web Server | =6.1-sp5 | |
| Oracle Sun Java System Web Proxy Server | =3.6-sp4 | |
| Sun Java System Web Server | =7.0 | |
| Oracle Sun Java System Web Proxy Server | =3.6-sp3 | |
| Sun Java System Web Server | =6.0-sp8 | |
| Sun Java System Web Server | =6.0-sp3 | |
| Oracle Sun Java System Web Proxy Server | =3.6 | |
| Sun Java System Web Server | =6.0-sp5 | |
| Oracle Sun Java System Web Proxy Server | =3.6-sp10 | |
| Sun Java System Web Server | =6.1-sp2 | |
| Sun Java System Web Server | =6.1-sp7 | |
| Oracle Sun Java System Web Proxy Server | =4.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view
- http://docs.sun.com/source/820-3637-10/relnotes36sp11_unix.html#wp19247
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1
- http://www.securityfocus.com/bid/26978
- http://secunia.com/advisories/28186
- http://secunia.com/advisories/28216
- http://osvdb.org/40851
- http://www.vupen.com/english/advisories/2007/4313
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43976
Frequently Asked Questions
What is the severity of CVE-2007-6570?
CVE-2007-6570 is categorized as a medium severity vulnerability due to its potential to allow remote attackers to perform cross-site scripting attacks.
How do I fix CVE-2007-6570?
To fix CVE-2007-6570, upgrade to Sun Java System Web Proxy Server version 4.0.6 or later, or corresponding versions of the affected software.
What software is affected by CVE-2007-6570?
CVE-2007-6570 affects Sun Java System Web Proxy Server versions 3.x and 4.x as well as specific versions of Sun Java System Web Server.
What type of vulnerability is CVE-2007-6570?
CVE-2007-6570 is a cross-site scripting (XSS) vulnerability that allows injection of arbitrary web script or HTML.
Can CVE-2007-6570 be exploited remotely?
Yes, CVE-2007-6570 can be exploited remotely by attackers using unspecified vectors to inject scripts.
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/sun
- canonical/sun java system web server
- version/sun java system web server/6.0-sp9
- version/sun java system web server/6.1-sp1
- canonical/oracle sun java system web proxy server
- version/oracle sun java system web proxy server/3.6-sp1
- version/sun java system web server/6.1-sp6
- version/sun java system web server/6.0-sp1
- version/oracle sun java system web proxy server/4.0-sp1
- version/oracle sun java system web proxy server/3.6-sp6
- version/oracle sun java system web proxy server/4.0.2
- version/sun java system web server/6.0-sp10
- version/sun java system web server/6.0
- version/oracle sun java system web proxy server/3.6-sp9
- version/oracle sun java system web proxy server/3.6-sp2
- version/sun java system web server/6.1-sp3
- version/sun java system web server/6.0-sp4
- version/sun java system web server/6.0-sp6
- version/oracle sun java system web proxy server/3.6-sp5
- version/sun java system web server/6.0-sp2
- version/oracle sun java system web proxy server/3.6-sp8
- version/sun java system web server/6.1
- version/sun java system web server/6.0-sp7
- version/sun java system web server/6.1-sp4
- version/oracle sun java system web proxy server/3.6-sp7
- version/oracle sun java system web proxy server/4.0
- version/oracle sun java system web proxy server/4.0.4
- version/oracle sun java system web proxy server/4.0.5
- version/sun java system web server/6.1-sp5
- version/oracle sun java system web proxy server/3.6-sp4
- version/sun java system web server/7.0
- version/oracle sun java system web proxy server/3.6-sp3
- version/sun java system web server/6.0-sp8
- version/sun java system web server/6.0-sp3
- version/oracle sun java system web proxy server/3.6
- version/sun java system web server/6.0-sp5
- version/oracle sun java system web proxy server/3.6-sp10
- version/sun java system web server/6.1-sp2
- version/sun java system web server/6.1-sp7
- version/oracle sun java system web proxy server/4.0.3