Vulnerability CVE-2005-4805 - CERT Civis.Net

Vulnerability Name:

CVE-2005-4805 (CCN-22731)

Assigned:

2005-10-11

Published:

2005-10-11

Updated:

2008-09-05

Summary:

Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2005-4805

Source: CCN
Type: SA17164
Sun Java System Application Server JSP Source Code Disclosure

Source: SECUNIA
Type: Patch, Vendor Advisory
17164

Source: CCN
Type: SECTRACK ID: 1015047
Sun Java System Application Server May Disclose JSP Source Code to Remote Users

Source: SECTRACK
Type: Patch
1015047

Source: CCN
Type: Sun Alert ID: 101910
Sun Java System Application Server May Disclose Source Code of Java Server Pages

Source: SUNALERT
Type: Patch
101910

Source: OSVDB
Type: UNKNOWN
19950

Source: CCN
Type: OSVDB ID: 19950
Sun Java System Application Server Unspecified JSP Source Code Disclosure

Source: BID
Type: Patch
15084

Source: CCN
Type: BID-15084
Sun Java System Application Server Java Server Page Source Disclosure Vulnerability

Source: CCN
Type: Sun Java System Application Server Web page
Sun Java System Application Server

Source: XF
Type: UNKNOWN
sun-java-source-code-disclosure(22731)

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:java_system_application_server:6.0:*:platform:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0:*:enterprise:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0:ur1:standard:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0:ur2:platform:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0:ur2:standard:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0:ur4:*:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0:ur5:platform:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0:ur5:standard:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0:ur6:platform:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0:ur6:standard:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0:ur6:platform:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0:ur5:standard:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0:ur5:platform:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0:ur4:*:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0::standard:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0::platform:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:7.0::enterprise:*:*:*:*:*

OR cpe:/a:sun:java_system_application_server:6.0::platform:*:*:*:*:*

Denotes that component is vulnerable