Vulnerability Name: | CVE-2007-1681 (CCN-33731)
Assigned: | 2007-04-17
Published: | 2007-04-17
Updated: | 2018-10-16
Summary: | Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog. Root-level code execution is only possible if the web console is running as root, which it does not do by default.
The vendor has addressed this issue through multiple product updates:
- Sun Java Web Console 2.2.2: http://www.sun.com/download/products.xml?id=461d58be
- Sun Java Web Console x86 2.2.2: http://www.sun.com/download/products.xml?id=461d58be
- Sun Java Web Console x86 2.2.3: http://www.sun.com/download/products.xml?id=461d58be
- Sun Java Web Console 2.2.3: http://www.sun.com/download/products.xml?id=461d58be
- Sun Java Web Console x86 2.2.4: http://www.sun.com/download/products.xml?id=461d58be
- Sun Java Web Console 2.2.4: http://www.sun.com/download/products.xml?id=461d58be
- Sun Java Web Console x86 2.2.5: http://www.sun.com/download/products.xml?id=461d58be
- Sun Java Web Console 2.2.5: http://www.sun.com/download/products.xml?id=461d58be
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: |
- 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
- 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
- 5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Access
References: |
- Source: MITRE Type: CNA CVE-2007-1681
- Source: OSVDB Type: UNKNOWN 34902
- Source: CCN Type: SA24927 Sun Solaris and Java Web Console Format String Vulnerability
- Source: SECUNIA Type: UNKNOWN 24927
- Source: CCN Type: SECTRACK ID: 1017930 Sun Java Web Console Format String Bug Lets Remote Users Execute Arbitrary Code
- Source: CCN Type: Sun Alert ID: 102854 Security Vulnerability in the Sun Java Web Console May Allow Access to Privileged Data or Lead to Denial of Service
- Source: SUNALERT Type: Vendor Advisory 102854
- Source: CCN Type: ASA-2007-169 Security Vulnerability in the Sun Java Web Console May Allow Access to Privileged Data or Lead to Denial of Service (Sun 102854)
- Source: CCN Type: n.runs-SA-2007.007 n.runs-SA-2007.007 Sun Microsystems, Inc., Java Web Console Format string vulnerability
- Source: MISC Type: UNKNOWN http://www.nruns.com/security_advisory_sun_java_format_string.php
- Source: CCN Type: OSVDB ID: 34902 Sun Java Web Console libwebconsole_services.so Remote Format String
- Source: BUGTRAQ Type: UNKNOWN 20070417 n.runs-SA-2007.007 - Sun Solaris 10 - Format string vulnerability
- Source: BID Type: UNKNOWN 23539
- Source: CCN Type: BID-23539 Sun Java Web Console LibWebconsole_Services.SO Format String Vulnerability
- Source: SECTRACK Type: UNKNOWN 1017930
- Source: VUPEN Type: UNKNOWN ADV-2007-1443
- Source: XF Type: UNKNOWN javawebconsole-libcsyslog-format-string(33731)
- Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1252
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1: Denotes that component is vulnerable