XSS in Sun Java_system_web_proxy_server

CVE-2007-6570

Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vec…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.022 (80.5th percentile) — read the EPSS interpretation.

Affected products

Sun Java_system_web_proxy_server — versions 3.6, 4.0, 4.0.2
Sun Java_system_web_server — versions 6.0, 6.1, 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cve@mitre.org (Patch, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (vendor-advisory, x_refsource_SUNALERT)
cve@mitre.org (Patch, x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (vdb-entry, x_refsource_VUPEN)