Sun ONE Web Server 4.1 SP2

CPE Details

Sun ONE Web Server 4.1 SP2
sun
one_web_server
4.1
2007-08-23
19h16 +00:00
2009-06-02
18h58 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*

Informations

Vendor

sun

Product

one_web_server

Version

4.1

Update

sp2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2003-1589 2010-02-25 18h00 +00:00 Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors.
5
CVE-2003-1577 2010-02-05 21h13 +00:00 Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316.
2.6
CVE-2003-1578 2010-02-05 21h13 +00:00 Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
4.3
CVE-2004-2763 2009-06-01 22h00 +00:00 The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
5.8
CVE-2004-0826 2004-09-02 02h00 +00:00 Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
7.5
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.