XSS in Sun Java_system_web_proxy_server

CVE-2007-6571

Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.017 (73.6th percentile) — read the EPSS interpretation.

Affected products

Sun Java_system_web_proxy_server — versions 3.6, 4.0, 4.0.2
Sun Java_system_web_server — versions 6.0, 6.1, 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cve@mitre.org (Patch, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (vendor-advisory, x_refsource_SUNALERT)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (vdb-entry, x_refsource_VUPEN)