Sun Java System Application Server — known CVE vulnerabilities
Every CVE whose affected-product data names Sun Java System Application Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2011-0807 — CVSS 10.0 (critical): Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1…
CVE-2007-3715 — CVSS 9.3 (critical): Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT…
CVE-2010-0386 — CVSS 8.1 (high): The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for…
CVE-2004-0826 — CVSS 7.5 (high): Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a…
CVE-2007-5152 — CVSS 7.5 (high): Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication…
CVE-2007-5153 — CVSS 6.8 (medium): Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container…
CVE-2006-2501 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE…
CVE-2006-6276 — CVSS 6.8 (medium): HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or…
CVE-2012-3155 — CVSS 5.0 (medium): Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and…
CVE-2004-2216 — CVSS 5.0 (medium): Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and…
CVE-2005-4804 — CVSS 5.0 (medium): Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition…
CVE-2005-4805 — CVSS 5.0 (medium): Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and…
CVE-2007-4511 — CVSS 5.0 (medium): The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL…
CVE-2008-2120 — CVSS 5.0 (medium): Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0…
CVE-2009-0278 — CVSS 5.0 (medium): Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1)…
CVE-2005-0742 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or…
CVE-2008-2751 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow…
CVE-2008-5266 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java…
CVE-2007-4025 — CVSS 4.3 (medium): Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to…
CVE-2006-3921 — CVSS 4.0 (medium): Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files…
CVE-2005-4046 — CVSS 4.0 (medium): Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server…
CVE-2006-3225 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before…