FKIE_CVE-2008-4541
Vulnerability from fkie_nvd - Published: 2008-10-13 20:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB8D89B7-2C74-4CDC-8708-D9FACC4DE7C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "927171C0-E754-4FC1-AA9F-6565ADE2B63D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EECC7DD-79F8-4189-91C7-2E8F5AB6A50F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A14869F3-76A8-4407-85C8-3D9764721EF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "18658A61-81D2-4FDD-8DB2-8222CCCF85C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C0B02862-58BD-4D29-A2D1-3A7925FA8DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "BE09D9A5-4A81-4771-9D1F-E74845537486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "B4B978A8-4D6D-4E1F-94FF-3ED6ECB584C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "D03FFC6C-1CDB-49ED-B693-DC53D87118C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA1C4E0-1EB0-4CDE-90D5-1A600BCBA93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "399B9003-1841-4F68-ABD9-EFAF8FDAFADC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CE035EA8-4F06-4C14-9E27-8F1533D1433B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp3:*:*:*:*:*:*",
"matchCriteriaId": "9D93A98A-39F3-44C7-9150-90C3892508C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp4:*:*:*:*:*:*",
"matchCriteriaId": "D2B7A60C-89B5-4851-BE12-4196A6A4D616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp5:*:*:*:*:*:*",
"matchCriteriaId": "29307BC1-6FC6-4F82-9031-E7317B2AFE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.2:sp6:*:*:*:*:*:*",
"matchCriteriaId": "1BAD5224-978C-4317-8FA2-FF56FF022E68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC07AB3E-09D4-47B2-B065-8E5A73775982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp1:*:*:*:*:*:*",
"matchCriteriaId": "69CE3DFF-8BFD-45BF-BA2A-DB176BF17C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4DB543F2-7DC6-4EED-92D3-EBC12E70AC0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp3:*:*:*:*:*:*",
"matchCriteriaId": "559B8C70-F680-4578-9E68-258D91B41E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp4:*:*:*:*:*:*",
"matchCriteriaId": "C7C836B7-564C-4EAD-A9EF-FB41C0533238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp5:*:*:*:*:*:*",
"matchCriteriaId": "3C5C06DE-0800-4A43-BEC1-B38811660DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.3:sp6:*:*:*:*:*:*",
"matchCriteriaId": "511AEA73-AECF-4ECF-9690-03BF516875E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "97EB8961-9F4D-498D-B2C7-421175F8FE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "CF2CB27C-5F5A-4057-9B47-61365F0658C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "766DA0FE-CAA8-4946-A4AE-4E464D0D0D5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp3:*:*:*:*:*:*",
"matchCriteriaId": "67DBCAEE-BC63-4C92-8A91-839F475FBB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp4:*:*:*:*:*:*",
"matchCriteriaId": "13903015-75DD-4F12-9E9A-F12844CEA251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp5:*:*:*:*:*:*",
"matchCriteriaId": "C48458F0-E844-4654-B450-77E2BF97B047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.4:sp6:*:*:*:*:*:*",
"matchCriteriaId": "6CA00153-D1EF-44BE-9288-00D2358DA55F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D9B4BC20-945E-4F5E-A850-AE9BC30119F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "BDE95076-C3FF-41E0-A5A0-B70E779EAF77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4435E1C4-BAD3-4902-A5F0-3C024CE78766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "982A6037-F163-4F48-9CF9-D07D37824565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "5FB0CAFB-AA1A-408D-9436-CFDAB6985FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "848A771F-CB1D-49BC-A1D7-48C31AA91590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.5:sp6:*:*:*:*:*:*",
"matchCriteriaId": "B976BD9A-CC17-40DD-A167-FB549460AA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.6:*:hp_ux:*:*:*:*:*",
"matchCriteriaId": "84FAC4BC-5A3F-41E6-B881-1ABB00C8167D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.6:*:linux:*:*:*:*:*",
"matchCriteriaId": "61285CF6-F5BD-4C19-B288-1EF1A9AAFBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.6:*:sparc:*:*:*:*:*",
"matchCriteriaId": "ED09307B-02D6-4861-8FF6-5EEC4CE257FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.6:*:windows:*:*:*:*:*",
"matchCriteriaId": "48DEE6A3-3EED-408A-BC93-85BAB1EA336C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.6:*:x86:*:*:*:*:*",
"matchCriteriaId": "1C1A1FDC-6DF3-45CF-A4B7-3847429C6C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4F13A0-8097-4A06-9989-F33918FE8ADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7:*:hp_ux:*:*:*:*:*",
"matchCriteriaId": "1693ED80-2CE6-4536-A0EA-E7D0C24FDF10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7:*:linux:*:*:*:*:*",
"matchCriteriaId": "FDB620CE-A4C0-4A49-8022-DA5FA40FFF3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7:*:sparc:*:*:*:*:*",
"matchCriteriaId": "4BCF42A1-BAB1-40C8-959F-0AC16B542577",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7:*:windows:*:*:*:*:*",
"matchCriteriaId": "82BBA16B-3F2F-49D3-99FC-4F3A45F1B68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0.7:*:x86:*:*:*:*:*",
"matchCriteriaId": "A0C6FF56-864E-408C-AFDE-68D6DC7C6880",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en el subsistema FTP en Sun Java System Web Proxy Server versiones 4.0 hasta 4.0.7, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una petici\u00f3n GET de HTTP dise\u00f1ada."
}
],
"id": "CVE-2008-4541",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-13T20:00:02.307",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=747"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32227"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1021038"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242986-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31691"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2781"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1021038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242986-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45782"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…