CVE-2006-6276

CWE-444 — HTTP Request Smuggling3 documents3 sources

Severity

6.8MEDIUM

EPSS

1.2%

top 20.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Java System Application Server SUN Java System WEB Proxy Server SUN Java System WEB Server +1 more

Timeline

PublishedDec 4

Latest updateMay 1

Description

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶NVDsun/java_system_web_proxy_server3.6, 4.0+1

▶NVDsun/java_system_application_server7.0, 8.1+1

▶NVDsun/java_system_web_server6.0, 6.1+1

▶NVDsun/one_application_server7.0

Patches

Patch: sunsolve.sun.com ↗Patch: www.securityfocus.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-vphg-jwvg-jv3g: HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java Sy↗2022-05-01

▶

CVEList

CVE-2006-6276: HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java Sy↗2006-12-04

▶