Vulnerabilites related to sun - java_web_console
Vulnerability from fkie_nvd
Published
2007-04-19 10:19
Modified
2024-11-21 00:28
Severity ?
Summary
Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_web_console | 2.2.2 | |
| sun | java_web_console | 2.2.3 | |
| sun | java_web_console | 2.2.4 | |
| sun | java_web_console | 2.2.5 | |
| sun | solaris | 10.0 | |
| sun | solaris | 10.0 | |
| sun | java_web_console | 2.2.2 | |
| sun | java_web_console | 2.2.3 | |
| sun | java_web_console | 2.2.4 | |
| sun | java_web_console | 2.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_web_console:2.2.2:*:x86:*:*:*:*:*",
"matchCriteriaId": "12B7ECB2-D5F1-45F2-B412-F02BE7420E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:2.2.3:*:x86:*:*:*:*:*",
"matchCriteriaId": "7B885C74-201B-4F97-8CC5-13DE2AFED55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:2.2.4:*:x86:*:*:*:*:*",
"matchCriteriaId": "D3ED53C3-2888-44F3-A13F-18ACC0736C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:2.2.5:*:x86:*:*:*:*:*",
"matchCriteriaId": "338D8827-A49C-4CA4-AFD3-D308AC715C0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*",
"matchCriteriaId": "0C0C3793-E011-4915-8F86-CE622A2D37D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:10.0:hw2:*:*:*:*:*:*",
"matchCriteriaId": "DBEB91FE-FB39-4AB2-8172-2A47EC59861B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_web_console:2.2.2:*:x86:*:*:*:*:*",
"matchCriteriaId": "12B7ECB2-D5F1-45F2-B412-F02BE7420E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:2.2.3:*:x86:*:*:*:*:*",
"matchCriteriaId": "7B885C74-201B-4F97-8CC5-13DE2AFED55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:2.2.4:*:x86:*:*:*:*:*",
"matchCriteriaId": "D3ED53C3-2888-44F3-A13F-18ACC0736C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:2.2.5:*:x86:*:*:*:*:*",
"matchCriteriaId": "338D8827-A49C-4CA4-AFD3-D308AC715C0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de cadena en libwebconsole_services.so de Sun Java Web Console 2.2.2 hasta 2.2.5 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n), obtener informaci\u00f3n confidencial, y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados durante un intento fallido de autenticaci\u00f3n en el sistema, referido a syslog."
}
],
"evaluatorImpact": "Root level code execution is only possible if the web console is running as root, which it does not by default.",
"evaluatorSolution": "The vendor has addressed this issue through multiple product updates: \r\n\r\nSun Java Web Console 2.2.2\r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console x86 2.2.2 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console x86 2.2.3 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console 2.2.3 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console x86 2.2.4 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console 2.2.4 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console x86 2.2.5 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console 2.2.5 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n",
"id": "CVE-2007-1681",
"lastModified": "2024-11-21T00:28:55.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-19T10:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/34902"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24927"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.nruns.com/security_advisory_sun_java_format_string.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/466048/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23539"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017930"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1443"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33731"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/34902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nruns.com/security_advisory_sun_java_format_string.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/466048/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1252"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-11 17:44
Modified
2024-11-21 00:44
Severity ?
Summary
Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | solaris | 8 | |
| sun | solaris | 8 | |
| sun | solaris | 9 | |
| sun | solaris | 9 | |
| sun | solaris | 10 | |
| sun | solaris | 10 | |
| sun | java_web_console | 3.0.2 | |
| sun | java_web_console | 3.0.3 | |
| sun | java_web_console | 3.0.4 | |
| linux | linux_kernel | * | |
| sun | java_web_console | 3.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sun:solaris:8:*:sparc:*:*:*:*:*",
"matchCriteriaId": "6DBDFD8C-371E-42D2-9635-D8CDD1775984",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:solaris:8:*:x86:*:*:*:*:*",
"matchCriteriaId": "E2F84D4E-EFE1-4A4F-BB58-E665A9C307A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:solaris:9:*:sparc:*:*:*:*:*",
"matchCriteriaId": "14CFA6D3-A611-4DF0-97AB-C30B79833DFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:solaris:9:*:x86:*:*:*:*:*",
"matchCriteriaId": "F2F5901D-AB91-4F12-BF08-0BC3797833E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*",
"matchCriteriaId": "7FBA68F0-4577-46F5-A754-D365B6EFF872",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:solaris:10:*:x86:*:*:*:*:*",
"matchCriteriaId": "E79CFAA6-A08A-4C70-A3D9-B02C29A17FF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0D3747-9ACD-40F4-9433-823489249416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7786C0-4367-4224-BDA9-C5A0F466A6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C77A7094-D272-4A30-B79A-FE9D0301FA88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0D3747-9ACD-40F4-9433-823489249416",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Sun Java Web Console 3.0.2, 3.0.3 y 3.0.4 permite a atacantes remotos evitar las restricciones de acceso planeadas y determinar la existencia de ficheros o directorios mediante vectores desconocidos."
}
],
"id": "CVE-2008-1286",
"lastModified": "2024-11-21T00:44:10.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-11T17:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29290"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28155"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019574"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0806/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0806/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-01 13:00
Modified
2024-11-21 01:04
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_web_console | 3.0.2 | |
| sun | java_web_console | 3.0.2 | |
| sun | java_web_console | 3.0.2 | |
| sun | java_web_console | 3.0.2 | |
| sun | java_web_console | 3.0.2 | |
| sun | java_web_console | 3.0.2 | |
| sun | java_web_console | 3.0.3 | |
| sun | java_web_console | 3.0.3 | |
| sun | java_web_console | 3.0.3 | |
| sun | java_web_console | 3.0.3 | |
| sun | java_web_console | 3.0.3 | |
| sun | java_web_console | 3.0.4 | |
| sun | java_web_console | 3.0.4 | |
| sun | java_web_console | 3.0.4 | |
| sun | java_web_console | 3.0.4 | |
| sun | java_web_console | 3.0.4 | |
| sun | java_web_console | 3.0.5 | |
| sun | java_web_console | 3.0.5 | |
| sun | java_web_console | 3.0.5 | |
| sun | java_web_console | 3.0.5 | |
| sun | java_web_console | 3.0.5 | |
| sun | solaris | 10 | |
| sun | solaris | 10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0D3747-9ACD-40F4-9433-823489249416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:linux:*:*:*:*:*",
"matchCriteriaId": "1533E3FF-D600-42D5-9E85-B1059871D14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:solaris8_sparc:*:*:*:*:*",
"matchCriteriaId": "514EAF6E-AA16-4488-9681-5BE4CDB093A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:solaris8_x86:*:*:*:*:*",
"matchCriteriaId": "B75F441A-A601-4498-A1AC-8C229CC20151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:solaris9_sparc:*:*:*:*:*",
"matchCriteriaId": "58FB5260-0C6E-458E-96B3-821E87A5461E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:windows:*:*:*:*:*",
"matchCriteriaId": "1E394A83-4A9B-4C5F-8BB1-F02A11DDE0CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7786C0-4367-4224-BDA9-C5A0F466A6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.3:*:linux:*:*:*:*:*",
"matchCriteriaId": "97486A99-BAED-4037-A3F2-6D612441F851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.3:*:solaris9_sparc:*:*:*:*:*",
"matchCriteriaId": "684C5517-C9DE-46D8-B2B1-10B41241C525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.3:*:solaris9_x86:*:*:*:*:*",
"matchCriteriaId": "ED02804C-9C67-4327-9CC0-E04D64586AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.3:*:windows:*:*:*:*:*",
"matchCriteriaId": "F0CA6D39-929A-47B8-8E7C-F9FA3EB39E67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C77A7094-D272-4A30-B79A-FE9D0301FA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.4:*:linux:*:*:*:*:*",
"matchCriteriaId": "1DE7D4BA-AB64-4940-AA58-6A987F2B0231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.4:*:solaris9_sparc:*:*:*:*:*",
"matchCriteriaId": "41F49B2D-DE7D-4D19-A89B-5B3F90929321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.4:*:solaris9_x86:*:*:*:*:*",
"matchCriteriaId": "24C0BC37-E25E-4CA5-9BA1-D3F05ED62A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.4:*:windows:*:*:*:*:*",
"matchCriteriaId": "82432AD2-0E2D-41ED-B79D-C36704D531D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "642641D5-A711-42AC-BA14-2EA789844EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.5:*:linux:*:*:*:*:*",
"matchCriteriaId": "136D5CB1-9F76-4D9E-A867-699D64EEA352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.5:*:solaris9_sparc:*:*:*:*:*",
"matchCriteriaId": "D8A27771-0D5A-4A4E-8CC1-8D69001BD346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.5:*:solaris9_x86:*:*:*:*:*",
"matchCriteriaId": "9A1775BB-BBD0-4513-A4FF-A3EAFE060592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.5:*:windows:*:*:*:*:*",
"matchCriteriaId": "358DF675-DF21-44DA-9715-07E2D954DE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*",
"matchCriteriaId": "7FBA68F0-4577-46F5-A754-D365B6EFF872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:10:*:x86:*:*:*:*:*",
"matchCriteriaId": "E79CFAA6-A08A-4C70-A3D9-B02C29A17FF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruxados (XSS) en help jsp scripts en Sun Java Web Console v3.0.2 a la v3.0.5, y Sun Java Web Console en Solaris 10, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-2283",
"lastModified": "2024-11-21T01:04:30.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-07-01T13:00:01.703",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35597"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020659.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020659.1-1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-12 18:30
Modified
2024-11-21 00:54
Severity ?
Summary
Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_web_console | 3.0.2 | |
| sun | java_web_console | 3.0.3 | |
| sun | java_web_console | 3.0.4 | |
| sun | java_web_console | 3.0.5 | |
| sun | solaris | 10 | |
| sun | solaris | 10 | |
| sun | sunos | 5.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0D3747-9ACD-40F4-9433-823489249416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7786C0-4367-4224-BDA9-C5A0F466A6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C77A7094-D272-4A30-B79A-FE9D0301FA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "642641D5-A711-42AC-BA14-2EA789844EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*",
"matchCriteriaId": "7FBA68F0-4577-46F5-A754-D365B6EFF872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:10:*:x86:*:*:*:*:*",
"matchCriteriaId": "E79CFAA6-A08A-4C70-A3D9-B02C29A17FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E75493D0-F060-4CBA-8AB0-C4FE8B2A8C9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad involuntaria de redirecci\u00f3n en console/faces/jsp/login/BeginLogin.jsp en Sun Java Web Console v3.0.2 a v3.0.5 y Solaris 10 permite a atacantes remotos redirigir a los usuarios a sitios web de su elecci\u00f3n y realizar ataques de phising a trav\u00e9s del par\u00e1metro redirect_url."
}
],
"id": "CVE-2008-5550",
"lastModified": "2024-11-21T00:54:19.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-12T18:30:03.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32771"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47257"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2008-1286
Vulnerability from cvelistv5
Published
2008-03-11 17:00
Modified
2024-08-07 08:17
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41069 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1019574 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/28155 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/29290 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/0806/references | vdb-entry, x_refsource_VUPEN | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sun-javawebconsole-information-disclosure(41069)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069"
},
{
"name": "1019574",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019574"
},
{
"name": "28155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28155"
},
{
"name": "29290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29290"
},
{
"name": "ADV-2008-0806",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0806/references"
},
{
"name": "231526",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sun-javawebconsole-information-disclosure(41069)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069"
},
{
"name": "1019574",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019574"
},
{
"name": "28155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28155"
},
{
"name": "29290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29290"
},
{
"name": "ADV-2008-0806",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0806/references"
},
{
"name": "231526",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sun-javawebconsole-information-disclosure(41069)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069"
},
{
"name": "1019574",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019574"
},
{
"name": "28155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28155"
},
{
"name": "29290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29290"
},
{
"name": "ADV-2008-0806",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0806/references"
},
{
"name": "231526",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1286",
"datePublished": "2008-03-11T17:00:00",
"dateReserved": "2008-03-11T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1681
Vulnerability from cvelistv5
Published
2007-04-19 10:00
Modified
2024-08-07 13:06
Severity ?
EPSS score ?
Summary
Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33731 | vdb-entry, x_refsource_XF | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1 | vendor-advisory, x_refsource_SUNALERT | |
| http://www.securitytracker.com/id?1017930 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/24927 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2007/1443 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/466048/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/34902 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/23539 | vdb-entry, x_refsource_BID | |
| http://www.nruns.com/security_advisory_sun_java_format_string.php | x_refsource_MISC | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1252 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "javawebconsole-libcsyslog-format-string(33731)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33731"
},
{
"name": "102854",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1"
},
{
"name": "1017930",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017930"
},
{
"name": "24927",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24927"
},
{
"name": "ADV-2007-1443",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1443"
},
{
"name": "20070417 n.runs-SA-2007.007 - Sun Solaris 10 - Format string vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/466048/100/0/threaded"
},
{
"name": "34902",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34902"
},
{
"name": "23539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23539"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nruns.com/security_advisory_sun_java_format_string.php"
},
{
"name": "oval:org.mitre.oval:def:1252",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1252"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "javawebconsole-libcsyslog-format-string(33731)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33731"
},
{
"name": "102854",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1"
},
{
"name": "1017930",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017930"
},
{
"name": "24927",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24927"
},
{
"name": "ADV-2007-1443",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1443"
},
{
"name": "20070417 n.runs-SA-2007.007 - Sun Solaris 10 - Format string vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/466048/100/0/threaded"
},
{
"name": "34902",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34902"
},
{
"name": "23539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23539"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nruns.com/security_advisory_sun_java_format_string.php"
},
{
"name": "oval:org.mitre.oval:def:1252",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1252"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "javawebconsole-libcsyslog-format-string(33731)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33731"
},
{
"name": "102854",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1"
},
{
"name": "1017930",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017930"
},
{
"name": "24927",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24927"
},
{
"name": "ADV-2007-1443",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1443"
},
{
"name": "20070417 n.runs-SA-2007.007 - Sun Solaris 10 - Format string vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466048/100/0/threaded"
},
{
"name": "34902",
"refsource": "OSVDB",
"url": "http://osvdb.org/34902"
},
{
"name": "23539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23539"
},
{
"name": "http://www.nruns.com/security_advisory_sun_java_format_string.php",
"refsource": "MISC",
"url": "http://www.nruns.com/security_advisory_sun_java_format_string.php"
},
{
"name": "oval:org.mitre.oval:def:1252",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1252"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1681",
"datePublished": "2007-04-19T10:00:00",
"dateReserved": "2007-03-26T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2283
Vulnerability from cvelistv5
Published
2009-07-01 12:26
Modified
2024-08-07 05:44
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1 | vendor-advisory, x_refsource_SUNALERT | |
| http://secunia.com/advisories/35597 | third-party-advisory, x_refsource_SECUNIA | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020659.1-1 | vendor-advisory, x_refsource_SUNALERT | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "262428",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1"
},
{
"name": "35597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35597"
},
{
"name": "1020659",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020659.1-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-07-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "262428",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1"
},
{
"name": "35597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35597"
},
{
"name": "1020659",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020659.1-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "262428",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1"
},
{
"name": "35597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35597"
},
{
"name": "1020659",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020659.1-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2283",
"datePublished": "2009-07-01T12:26:00",
"dateReserved": "2009-07-01T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5550
Vulnerability from cvelistv5
Published
2008-12-12 18:13
Modified
2024-08-07 10:56
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1 | vendor-advisory, x_refsource_SUNALERT | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1 | x_refsource_CONFIRM | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/32771 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47257 | vdb-entry, x_refsource_XF | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:46.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "243786",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1"
},
{
"name": "32771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32771"
},
{
"name": "sun-javawebconsole-unspecified-phishing(47257)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "243786",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1"
},
{
"name": "32771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32771"
},
{
"name": "sun-javawebconsole-unspecified-phishing(47257)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "243786",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1"
},
{
"name": "32771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32771"
},
{
"name": "sun-javawebconsole-unspecified-phishing(47257)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47257"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5550",
"datePublished": "2008-12-12T18:13:00",
"dateReserved": "2008-12-12T00:00:00",
"dateUpdated": "2024-08-07T10:56:46.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}