ONE Application Server
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0411 | Hig | 0.54 | 7.5 | 0.25 | Jun 30, 2003 | Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension. | ||
| CVE-2003-0412 | 0.00 | — | 0.02 | Jun 30, 2003 | Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities. | |||
| CVE-2003-0414 | 0.00 | — | 0.00 | Jun 30, 2003 | The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile. | |||
| CVE-2002-0387 | 0.00 | — | 0.03 | Mar 18, 2003 | Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL. |
- risk 0.54cvss 7.5epss 0.25
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
- CVE-2003-0412Jun 30, 2003risk 0.00cvss —epss 0.02
Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities.
- CVE-2003-0414Jun 30, 2003risk 0.00cvss —epss 0.00
The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile.
- CVE-2002-0387Mar 18, 2003risk 0.00cvss —epss 0.03
Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL.