Search criteria
12 vulnerabilities found for java_web_console by sun
FKIE_CVE-2009-2283
Vulnerability from fkie_nvd - Published: 2009-07-01 13:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_web_console | 3.0.2 | |
| sun | java_web_console | 3.0.2 | |
| sun | java_web_console | 3.0.2 | |
| sun | java_web_console | 3.0.2 | |
| sun | java_web_console | 3.0.2 | |
| sun | java_web_console | 3.0.2 | |
| sun | java_web_console | 3.0.3 | |
| sun | java_web_console | 3.0.3 | |
| sun | java_web_console | 3.0.3 | |
| sun | java_web_console | 3.0.3 | |
| sun | java_web_console | 3.0.3 | |
| sun | java_web_console | 3.0.4 | |
| sun | java_web_console | 3.0.4 | |
| sun | java_web_console | 3.0.4 | |
| sun | java_web_console | 3.0.4 | |
| sun | java_web_console | 3.0.4 | |
| sun | java_web_console | 3.0.5 | |
| sun | java_web_console | 3.0.5 | |
| sun | java_web_console | 3.0.5 | |
| sun | java_web_console | 3.0.5 | |
| sun | java_web_console | 3.0.5 | |
| sun | solaris | 10 | |
| sun | solaris | 10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0D3747-9ACD-40F4-9433-823489249416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:linux:*:*:*:*:*",
"matchCriteriaId": "1533E3FF-D600-42D5-9E85-B1059871D14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:solaris8_sparc:*:*:*:*:*",
"matchCriteriaId": "514EAF6E-AA16-4488-9681-5BE4CDB093A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:solaris8_x86:*:*:*:*:*",
"matchCriteriaId": "B75F441A-A601-4498-A1AC-8C229CC20151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:solaris9_sparc:*:*:*:*:*",
"matchCriteriaId": "58FB5260-0C6E-458E-96B3-821E87A5461E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:windows:*:*:*:*:*",
"matchCriteriaId": "1E394A83-4A9B-4C5F-8BB1-F02A11DDE0CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7786C0-4367-4224-BDA9-C5A0F466A6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.3:*:linux:*:*:*:*:*",
"matchCriteriaId": "97486A99-BAED-4037-A3F2-6D612441F851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.3:*:solaris9_sparc:*:*:*:*:*",
"matchCriteriaId": "684C5517-C9DE-46D8-B2B1-10B41241C525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.3:*:solaris9_x86:*:*:*:*:*",
"matchCriteriaId": "ED02804C-9C67-4327-9CC0-E04D64586AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.3:*:windows:*:*:*:*:*",
"matchCriteriaId": "F0CA6D39-929A-47B8-8E7C-F9FA3EB39E67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C77A7094-D272-4A30-B79A-FE9D0301FA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.4:*:linux:*:*:*:*:*",
"matchCriteriaId": "1DE7D4BA-AB64-4940-AA58-6A987F2B0231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.4:*:solaris9_sparc:*:*:*:*:*",
"matchCriteriaId": "41F49B2D-DE7D-4D19-A89B-5B3F90929321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.4:*:solaris9_x86:*:*:*:*:*",
"matchCriteriaId": "24C0BC37-E25E-4CA5-9BA1-D3F05ED62A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.4:*:windows:*:*:*:*:*",
"matchCriteriaId": "82432AD2-0E2D-41ED-B79D-C36704D531D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "642641D5-A711-42AC-BA14-2EA789844EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.5:*:linux:*:*:*:*:*",
"matchCriteriaId": "136D5CB1-9F76-4D9E-A867-699D64EEA352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.5:*:solaris9_sparc:*:*:*:*:*",
"matchCriteriaId": "D8A27771-0D5A-4A4E-8CC1-8D69001BD346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.5:*:solaris9_x86:*:*:*:*:*",
"matchCriteriaId": "9A1775BB-BBD0-4513-A4FF-A3EAFE060592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.5:*:windows:*:*:*:*:*",
"matchCriteriaId": "358DF675-DF21-44DA-9715-07E2D954DE8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*",
"matchCriteriaId": "7FBA68F0-4577-46F5-A754-D365B6EFF872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:10:*:x86:*:*:*:*:*",
"matchCriteriaId": "E79CFAA6-A08A-4C70-A3D9-B02C29A17FF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruxados (XSS) en help jsp scripts en Sun Java Web Console v3.0.2 a la v3.0.5, y Sun Java Web Console en Solaris 10, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-2283",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-07-01T13:00:01.703",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35597"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020659.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020659.1-1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-5550
Vulnerability from fkie_nvd - Published: 2008-12-12 18:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_web_console | 3.0.2 | |
| sun | java_web_console | 3.0.3 | |
| sun | java_web_console | 3.0.4 | |
| sun | java_web_console | 3.0.5 | |
| sun | solaris | 10 | |
| sun | solaris | 10 | |
| sun | sunos | 5.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0D3747-9ACD-40F4-9433-823489249416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7786C0-4367-4224-BDA9-C5A0F466A6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C77A7094-D272-4A30-B79A-FE9D0301FA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "642641D5-A711-42AC-BA14-2EA789844EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*",
"matchCriteriaId": "7FBA68F0-4577-46F5-A754-D365B6EFF872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:10:*:x86:*:*:*:*:*",
"matchCriteriaId": "E79CFAA6-A08A-4C70-A3D9-B02C29A17FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E75493D0-F060-4CBA-8AB0-C4FE8B2A8C9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad involuntaria de redirecci\u00f3n en console/faces/jsp/login/BeginLogin.jsp en Sun Java Web Console v3.0.2 a v3.0.5 y Solaris 10 permite a atacantes remotos redirigir a los usuarios a sitios web de su elecci\u00f3n y realizar ataques de phising a trav\u00e9s del par\u00e1metro redirect_url."
}
],
"id": "CVE-2008-5550",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-12T18:30:03.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32771"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47257"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1286
Vulnerability from fkie_nvd - Published: 2008-03-11 17:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | solaris | 8 | |
| sun | solaris | 8 | |
| sun | solaris | 9 | |
| sun | solaris | 9 | |
| sun | solaris | 10 | |
| sun | solaris | 10 | |
| sun | java_web_console | 3.0.2 | |
| sun | java_web_console | 3.0.3 | |
| sun | java_web_console | 3.0.4 | |
| linux | linux_kernel | * | |
| sun | java_web_console | 3.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sun:solaris:8:*:sparc:*:*:*:*:*",
"matchCriteriaId": "6DBDFD8C-371E-42D2-9635-D8CDD1775984",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:solaris:8:*:x86:*:*:*:*:*",
"matchCriteriaId": "E2F84D4E-EFE1-4A4F-BB58-E665A9C307A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:solaris:9:*:sparc:*:*:*:*:*",
"matchCriteriaId": "14CFA6D3-A611-4DF0-97AB-C30B79833DFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:solaris:9:*:x86:*:*:*:*:*",
"matchCriteriaId": "F2F5901D-AB91-4F12-BF08-0BC3797833E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*",
"matchCriteriaId": "7FBA68F0-4577-46F5-A754-D365B6EFF872",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:solaris:10:*:x86:*:*:*:*:*",
"matchCriteriaId": "E79CFAA6-A08A-4C70-A3D9-B02C29A17FF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0D3747-9ACD-40F4-9433-823489249416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7786C0-4367-4224-BDA9-C5A0F466A6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C77A7094-D272-4A30-B79A-FE9D0301FA88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0D3747-9ACD-40F4-9433-823489249416",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Sun Java Web Console 3.0.2, 3.0.3 y 3.0.4 permite a atacantes remotos evitar las restricciones de acceso planeadas y determinar la existencia de ficheros o directorios mediante vectores desconocidos."
}
],
"id": "CVE-2008-1286",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-11T17:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29290"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28155"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019574"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0806/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0806/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-1681
Vulnerability from fkie_nvd - Published: 2007-04-19 10:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_web_console | 2.2.2 | |
| sun | java_web_console | 2.2.3 | |
| sun | java_web_console | 2.2.4 | |
| sun | java_web_console | 2.2.5 | |
| sun | solaris | 10.0 | |
| sun | solaris | 10.0 | |
| sun | java_web_console | 2.2.2 | |
| sun | java_web_console | 2.2.3 | |
| sun | java_web_console | 2.2.4 | |
| sun | java_web_console | 2.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_web_console:2.2.2:*:x86:*:*:*:*:*",
"matchCriteriaId": "12B7ECB2-D5F1-45F2-B412-F02BE7420E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:2.2.3:*:x86:*:*:*:*:*",
"matchCriteriaId": "7B885C74-201B-4F97-8CC5-13DE2AFED55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:2.2.4:*:x86:*:*:*:*:*",
"matchCriteriaId": "D3ED53C3-2888-44F3-A13F-18ACC0736C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:2.2.5:*:x86:*:*:*:*:*",
"matchCriteriaId": "338D8827-A49C-4CA4-AFD3-D308AC715C0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*",
"matchCriteriaId": "0C0C3793-E011-4915-8F86-CE622A2D37D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:solaris:10.0:hw2:*:*:*:*:*:*",
"matchCriteriaId": "DBEB91FE-FB39-4AB2-8172-2A47EC59861B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_web_console:2.2.2:*:x86:*:*:*:*:*",
"matchCriteriaId": "12B7ECB2-D5F1-45F2-B412-F02BE7420E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:2.2.3:*:x86:*:*:*:*:*",
"matchCriteriaId": "7B885C74-201B-4F97-8CC5-13DE2AFED55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:2.2.4:*:x86:*:*:*:*:*",
"matchCriteriaId": "D3ED53C3-2888-44F3-A13F-18ACC0736C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_web_console:2.2.5:*:x86:*:*:*:*:*",
"matchCriteriaId": "338D8827-A49C-4CA4-AFD3-D308AC715C0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de cadena en libwebconsole_services.so de Sun Java Web Console 2.2.2 hasta 2.2.5 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n), obtener informaci\u00f3n confidencial, y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no especificados durante un intento fallido de autenticaci\u00f3n en el sistema, referido a syslog."
}
],
"evaluatorImpact": "Root level code execution is only possible if the web console is running as root, which it does not by default.",
"evaluatorSolution": "The vendor has addressed this issue through multiple product updates: \r\n\r\nSun Java Web Console 2.2.2\r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console x86 2.2.2 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console x86 2.2.3 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console 2.2.3 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console x86 2.2.4 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console 2.2.4 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console x86 2.2.5 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console 2.2.5 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n",
"id": "CVE-2007-1681",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-19T10:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/34902"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24927"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.nruns.com/security_advisory_sun_java_format_string.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/466048/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23539"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017930"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1443"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33731"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/34902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nruns.com/security_advisory_sun_java_format_string.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/466048/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1252"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2009-2283 (GCVE-0-2009-2283)
Vulnerability from cvelistv5 – Published: 2009-07-01 12:26 – Updated: 2024-08-07 05:44
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "262428",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1"
},
{
"name": "35597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35597"
},
{
"name": "1020659",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020659.1-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-07-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "262428",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1"
},
{
"name": "35597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35597"
},
{
"name": "1020659",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020659.1-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "262428",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1"
},
{
"name": "35597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35597"
},
{
"name": "1020659",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020659.1-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2283",
"datePublished": "2009-07-01T12:26:00",
"dateReserved": "2009-07-01T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5550 (GCVE-0-2008-5550)
Vulnerability from cvelistv5 – Published: 2008-12-12 18:13 – Updated: 2024-08-07 10:56
VLAI?
Summary
Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:46.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "243786",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1"
},
{
"name": "32771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32771"
},
{
"name": "sun-javawebconsole-unspecified-phishing(47257)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "243786",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1"
},
{
"name": "32771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32771"
},
{
"name": "sun-javawebconsole-unspecified-phishing(47257)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "243786",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1"
},
{
"name": "32771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32771"
},
{
"name": "sun-javawebconsole-unspecified-phishing(47257)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47257"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5550",
"datePublished": "2008-12-12T18:13:00",
"dateReserved": "2008-12-12T00:00:00",
"dateUpdated": "2024-08-07T10:56:46.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1286 (GCVE-0-2008-1286)
Vulnerability from cvelistv5 – Published: 2008-03-11 17:00 – Updated: 2024-08-07 08:17
VLAI?
Summary
Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sun-javawebconsole-information-disclosure(41069)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069"
},
{
"name": "1019574",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019574"
},
{
"name": "28155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28155"
},
{
"name": "29290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29290"
},
{
"name": "ADV-2008-0806",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0806/references"
},
{
"name": "231526",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sun-javawebconsole-information-disclosure(41069)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069"
},
{
"name": "1019574",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019574"
},
{
"name": "28155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28155"
},
{
"name": "29290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29290"
},
{
"name": "ADV-2008-0806",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0806/references"
},
{
"name": "231526",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sun-javawebconsole-information-disclosure(41069)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069"
},
{
"name": "1019574",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019574"
},
{
"name": "28155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28155"
},
{
"name": "29290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29290"
},
{
"name": "ADV-2008-0806",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0806/references"
},
{
"name": "231526",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1286",
"datePublished": "2008-03-11T17:00:00",
"dateReserved": "2008-03-11T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1681 (GCVE-0-2007-1681)
Vulnerability from cvelistv5 – Published: 2007-04-19 10:00 – Updated: 2024-08-07 13:06
VLAI?
Summary
Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "javawebconsole-libcsyslog-format-string(33731)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33731"
},
{
"name": "102854",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1"
},
{
"name": "1017930",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017930"
},
{
"name": "24927",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24927"
},
{
"name": "ADV-2007-1443",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1443"
},
{
"name": "20070417 n.runs-SA-2007.007 - Sun Solaris 10 - Format string vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/466048/100/0/threaded"
},
{
"name": "34902",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34902"
},
{
"name": "23539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23539"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nruns.com/security_advisory_sun_java_format_string.php"
},
{
"name": "oval:org.mitre.oval:def:1252",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1252"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "javawebconsole-libcsyslog-format-string(33731)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33731"
},
{
"name": "102854",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1"
},
{
"name": "1017930",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017930"
},
{
"name": "24927",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24927"
},
{
"name": "ADV-2007-1443",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1443"
},
{
"name": "20070417 n.runs-SA-2007.007 - Sun Solaris 10 - Format string vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/466048/100/0/threaded"
},
{
"name": "34902",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34902"
},
{
"name": "23539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23539"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nruns.com/security_advisory_sun_java_format_string.php"
},
{
"name": "oval:org.mitre.oval:def:1252",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1252"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "javawebconsole-libcsyslog-format-string(33731)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33731"
},
{
"name": "102854",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1"
},
{
"name": "1017930",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017930"
},
{
"name": "24927",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24927"
},
{
"name": "ADV-2007-1443",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1443"
},
{
"name": "20070417 n.runs-SA-2007.007 - Sun Solaris 10 - Format string vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466048/100/0/threaded"
},
{
"name": "34902",
"refsource": "OSVDB",
"url": "http://osvdb.org/34902"
},
{
"name": "23539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23539"
},
{
"name": "http://www.nruns.com/security_advisory_sun_java_format_string.php",
"refsource": "MISC",
"url": "http://www.nruns.com/security_advisory_sun_java_format_string.php"
},
{
"name": "oval:org.mitre.oval:def:1252",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1252"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1681",
"datePublished": "2007-04-19T10:00:00",
"dateReserved": "2007-03-26T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2283 (GCVE-0-2009-2283)
Vulnerability from nvd – Published: 2009-07-01 12:26 – Updated: 2024-08-07 05:44
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "262428",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1"
},
{
"name": "35597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35597"
},
{
"name": "1020659",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020659.1-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-07-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "262428",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1"
},
{
"name": "35597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35597"
},
{
"name": "1020659",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020659.1-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "262428",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1"
},
{
"name": "35597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35597"
},
{
"name": "1020659",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020659.1-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2283",
"datePublished": "2009-07-01T12:26:00",
"dateReserved": "2009-07-01T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5550 (GCVE-0-2008-5550)
Vulnerability from nvd – Published: 2008-12-12 18:13 – Updated: 2024-08-07 10:56
VLAI?
Summary
Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:46.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "243786",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1"
},
{
"name": "32771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32771"
},
{
"name": "sun-javawebconsole-unspecified-phishing(47257)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "243786",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1"
},
{
"name": "32771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32771"
},
{
"name": "sun-javawebconsole-unspecified-phishing(47257)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "243786",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1"
},
{
"name": "32771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32771"
},
{
"name": "sun-javawebconsole-unspecified-phishing(47257)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47257"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5550",
"datePublished": "2008-12-12T18:13:00",
"dateReserved": "2008-12-12T00:00:00",
"dateUpdated": "2024-08-07T10:56:46.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1286 (GCVE-0-2008-1286)
Vulnerability from nvd – Published: 2008-03-11 17:00 – Updated: 2024-08-07 08:17
VLAI?
Summary
Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sun-javawebconsole-information-disclosure(41069)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069"
},
{
"name": "1019574",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019574"
},
{
"name": "28155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28155"
},
{
"name": "29290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29290"
},
{
"name": "ADV-2008-0806",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0806/references"
},
{
"name": "231526",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sun-javawebconsole-information-disclosure(41069)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069"
},
{
"name": "1019574",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019574"
},
{
"name": "28155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28155"
},
{
"name": "29290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29290"
},
{
"name": "ADV-2008-0806",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0806/references"
},
{
"name": "231526",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sun-javawebconsole-information-disclosure(41069)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069"
},
{
"name": "1019574",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019574"
},
{
"name": "28155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28155"
},
{
"name": "29290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29290"
},
{
"name": "ADV-2008-0806",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0806/references"
},
{
"name": "231526",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1286",
"datePublished": "2008-03-11T17:00:00",
"dateReserved": "2008-03-11T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1681 (GCVE-0-2007-1681)
Vulnerability from nvd – Published: 2007-04-19 10:00 – Updated: 2024-08-07 13:06
VLAI?
Summary
Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "javawebconsole-libcsyslog-format-string(33731)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33731"
},
{
"name": "102854",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1"
},
{
"name": "1017930",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017930"
},
{
"name": "24927",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24927"
},
{
"name": "ADV-2007-1443",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1443"
},
{
"name": "20070417 n.runs-SA-2007.007 - Sun Solaris 10 - Format string vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/466048/100/0/threaded"
},
{
"name": "34902",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34902"
},
{
"name": "23539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23539"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nruns.com/security_advisory_sun_java_format_string.php"
},
{
"name": "oval:org.mitre.oval:def:1252",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1252"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "javawebconsole-libcsyslog-format-string(33731)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33731"
},
{
"name": "102854",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1"
},
{
"name": "1017930",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017930"
},
{
"name": "24927",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24927"
},
{
"name": "ADV-2007-1443",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1443"
},
{
"name": "20070417 n.runs-SA-2007.007 - Sun Solaris 10 - Format string vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/466048/100/0/threaded"
},
{
"name": "34902",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34902"
},
{
"name": "23539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23539"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nruns.com/security_advisory_sun_java_format_string.php"
},
{
"name": "oval:org.mitre.oval:def:1252",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1252"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "javawebconsole-libcsyslog-format-string(33731)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33731"
},
{
"name": "102854",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1"
},
{
"name": "1017930",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017930"
},
{
"name": "24927",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24927"
},
{
"name": "ADV-2007-1443",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1443"
},
{
"name": "20070417 n.runs-SA-2007.007 - Sun Solaris 10 - Format string vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466048/100/0/threaded"
},
{
"name": "34902",
"refsource": "OSVDB",
"url": "http://osvdb.org/34902"
},
{
"name": "23539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23539"
},
{
"name": "http://www.nruns.com/security_advisory_sun_java_format_string.php",
"refsource": "MISC",
"url": "http://www.nruns.com/security_advisory_sun_java_format_string.php"
},
{
"name": "oval:org.mitre.oval:def:1252",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1252"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1681",
"datePublished": "2007-04-19T10:00:00",
"dateReserved": "2007-03-26T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}