CVE-2009-1357

Published: 23/04/2009 Updated: 10/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 up to and including 6.4 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.

Vulnerable Product

sun java system delegated administrator 6.2

sun java system delegated administrator 6.3

sun java system delegated administrator 6.4

Exploits

source: www.securityfocus.com/bid/34643/info

Sun Java System Delegated Administrator is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various a ...