CVE-2009-1934

CVSS V2: Medium 4.3 | CVSS V3: None
Description
Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.
Overview
  • CVE ID: CVE-2009-1934
  • Assigner: cve@mitre.org
  • Vulnerability Status: Modified
  • Published Date: 2009-06-05T16:00:00
  • Last Modified Date: 2017-08-17T01:30:34
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:sun:java_system_web_server:6.1:sp10:aix:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp4:aix:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp5:aix:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp6:aix:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp7:aix:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp8:aix:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp9:aix:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:*:aix:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp1:aix:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp2:aix:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp3:aix:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp10:hp_ux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp4:hp_ux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp5:hp_ux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp6:hp_ux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp7:hp_ux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp8:hp_ux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp9:hp_ux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:*:hp_ux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp1:hp_ux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp2:hp_ux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp3:hp_ux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp10:linux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp4:linux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp5:linux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp6:linux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp7:linux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp8:linux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp9:linux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:*:linux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp1:linux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp2:linux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp3:linux:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp10:windows:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp4:windows:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp5:windows:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp6:windows:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp7:windows:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp8:windows:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp9:windows:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:*:windows:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp1:windows:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp2:windows:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp3:windows:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp10:sparc:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp4:sparc:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp5:sparc:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp6:sparc:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp7:sparc:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp8:sparc:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp9:sparc:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:*:sparc:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp1:sparc:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp2:sparc:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp3:sparc:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp10:x86:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp4:x86:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp48:x86:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp5:x86:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp6:x86:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp7:x86:*:*:*:*:* 1 OR
cpe:2.3:a:sun:java_system_web_server:6.1:sp9:x86:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:*:x86:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp1:x86:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp2:x86:*:*:*:*:* 1 OR
cpe:2.3:a:sun:one_web_server:6.1:sp3:x86:*:*:*:*:* 1 OR
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
  • Base Score: 4.3
  • Severity: MEDIUM
  • Exploitability Score: 8.6
  • Impact Score: 2.9
History
Created Old Value New Value Data Type Notes
2022-05-10 09:01:00 Added to TrackCVE