Vulnerability in Sun Java_system_application_server

CVE-2006-6276

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web ses…

Vulnerability class: HTTP Request Smuggling

EPSS: 0.035 (87.6th percentile) — read the EPSS interpretation.

Affected products

Sun Java_system_application_server — versions 7.0, 8.1
Sun Java_system_web_proxy_server — versions 3.6, 4.0
Sun Java_system_web_server — versions 6.0, 6.1
Sun One_application_server — versions 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-444 — Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling)

References

cve@mitre.org (vendor-advisory, Patch, x_refsource_SUNALERT, Broken Link)
cve@mitre.org (x_refsource_SECUNIA, Broken Link, third-party-advisory)
cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK, Broken Link)
cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_XF)
cve@mitre.org (vdb-entry, Broken Link, x_refsource_VUPEN)
cve@mitre.org (Patch, VDB Entry, Third Party Advisory, vdb-entry, Broken Link, x_refsource_BID)
cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK, Broken Link)
cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK, Broken Link)