Vulnerability CVE-2006-3225

Vulnerability Name:

CVE-2006-3225 (CCN-27392)

Assigned:

2006-06-23

Published:

2006-06-23

Updated:

2017-07-20

Summary:

Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2006-3225

Source: CCN
Type: SA20835
Sun Java System Application Server Cross-Site Scripting

Source: SECUNIA
Type: UNKNOWN
20835

Source: CCN
Type: SECTRACK ID: 1016378
Sun ONE and Sun Java System Application Server Permit Cross-Site Scripting Attacks

Source: SECTRACK
Type: UNKNOWN
1016378

Source: CCN
Type: Sun Alert ID: 102479
Cross-Site Scripting Vulnerability in Sun ONE and Sun Java System Application Server

Source: SUNALERT
Type: UNKNOWN
102479

Source: CCN
Type: OSVDB ID: 26792
Sun Java System Application Server Unspecified XSS

Source: BID
Type: UNKNOWN
18635

Source: CCN
Type: BID-18635
Sun ONE and Sun Java System Application Server Unspecified Cross-Site Scripting Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-2508

Source: XF
Type: UNKNOWN
sun-java-parameters-xss(27392)

Source: XF
Type: UNKNOWN
sun-java-parameters-xss(27392)

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:java_system_application_server:*:ur4:*:*:*:*:*:* (Version <= 7.0)

OR cpe:/a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*

OR cpe:/a:sun:one_application_server:*:update_8:*:*:*:*:*:* (Version <= 7.0)

Configuration CCN 1:

cpe:/a:sun:one_application_server:7.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK