Vulnerability CVE-2005-4806 - CERT Civis.Net

Vulnerability Name:

CVE-2005-4806 (CCN-22210)

Assigned:

2005-09-09

Published:

2005-09-09

Updated:

2011-03-08

Summary:

Multiple unspecified vulnerabilities in Sun Java System Web Proxy Server 3.6 SP7 and earlier allow remote attackers to cause a denial of service (unresponsive service) via unknown vectors.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2005-4806

Source: CCN
Type: SA16757
Sun Java System Web Proxy Server Denial of Service Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
16757

Source: CCN
Type: SECTRACK ID: 1014875
Sun Java Web Proxy Server Error in Processing Certain POST Requests May Let Remote Users Deny Service

Source: SECTRACK
Type: Patch
1014875

Source: SUNALERT
Type: Patch
101913

Source: CCN
Type: Sun Alert ID: 101913
Denial of Service Vunerabilities in Sun Java Web Proxy Server

Source: CCN
Type: OSVDB ID: 19307
Sun Java System Web Proxy Server Unspecified DoS (6264430)

Source: CCN
Type: OSVDB ID: 19308
Sun Java System Web Proxy Server ns-proxy Crafted POST Request DoS

Source: CCN
Type: OSVDB ID: 19309
Sun Java System Web Proxy Server Unspecified DoS (6291212)

Source: CCN
Type: BID-14788
Sun Java System Web Proxy Server Unspecified Remote Denial Of Service Vulnerability

Source: CCN
Type: Sun Java System Web Proxy Server Web page
Sun Java System Web Proxy Server 3.6

Source: VUPEN
Type: UNKNOWN
ADV-2005-1689

Source: XF
Type: UNKNOWN
sun-java-web-proxy-unknown-dos(22210)

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:java_system_web_proxy_server:3.6:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_web_proxy_server:3.6:sp1:*:*:*:*:*:*

OR cpe:/a:sun:java_system_web_proxy_server:3.6:sp2:*:*:*:*:*:*

OR cpe:/a:sun:java_system_web_proxy_server:3.6:sp3:*:*:*:*:*:*

OR cpe:/a:sun:java_system_web_proxy_server:3.6:sp4:*:*:*:*:*:*

OR cpe:/a:sun:java_system_web_proxy_server:3.6:sp5:*:*:*:*:*:*

OR cpe:/a:sun:java_system_web_proxy_server:3.6:sp6:*:*:*:*:*:*

OR cpe:/a:sun:java_system_web_proxy_server:3.6:sp7:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:java_system_web_proxy_server:3.6:sp7:*:*:*:*:*:*

OR cpe:/a:sun:java_system_web_proxy_server:3.6:sp5:*:*:*:*:*:*

OR cpe:/a:sun:java_system_web_proxy_server:3.6:sp4:*:*:*:*:*:*

OR cpe:/a:sun:java_system_web_proxy_server:3.6:sp3:*:*:*:*:*:*

OR cpe:/a:sun:java_system_web_proxy_server:3.6:sp2:*:*:*:*:*:*

OR cpe:/a:sun:java_system_web_proxy_server:3.6:sp1:*:*:*:*:*:*

OR cpe:/a:sun:java_system_web_proxy_server:3.6:sp1:*:*:*:*:*:*

AND

cpe:/o:redhat:linux:3.0:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000_advanced_server:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux:2.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:4.3.3:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:-::~~enterprise~~~:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:server:*:*:*

OR cpe:/o:sun:solaris:10::64bit:*:*:*:*:*

Denotes that component is vulnerable