CVE-2006-6276

Published: Dec 4, 2006Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.

Affected (8)

Products: Sun: Java System Application Server, Java System Web Proxy Server, Java System Web Server, One Application Server

4 products

Java System Application Server

Java System Web Proxy Server

Java System Web Server

One Application Server

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Sun Java System Application Server	Version 7.0
Sun Java System Application Server	Version 8.1
Sun Java System Web Proxy Server	All versions
Sun Java System Web Proxy Server	Version 3.6
Sun Java System Web Proxy Server	Version 4.0
Sun Java System Web Server	Version 6.0
Sun Java System Web Server	Version 6.1
Sun One Application Server	Version 7.0

Related CWEs

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

References (16)

http://secunia.com/advisories/23186

Source: cve@mitre.org

Broken Link

http://securitytracker.com/id?1017322

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://securitytracker.com/id?1017323

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://securitytracker.com/id?1017324

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1

Source: cve@mitre.org

Broken LinkPatch

http://www.securityfocus.com/bid/21371

Source: cve@mitre.org

Broken LinkPatchThird Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2006/4793

Source: cve@mitre.org

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/30662

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://secunia.com/advisories/23186

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://securitytracker.com/id?1017322

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://securitytracker.com/id?1017323

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://securitytracker.com/id?1017324

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkPatch

http://www.securityfocus.com/bid/21371

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkPatchThird Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2006/4793

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/30662

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.