Vulnerability Name:

CVE-2007-4025 (CCN-35579)

Assigned: 2007-07-24
Published: 2007-07-24
Updated: 2017-07-29
Summary: Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2007-4025

Source: OSVDB
Type: UNKNOWN
37250

Source: CCN
Type: SA26187
Sun Java System Application Server JSP Source Code Disclosure

Source: SECUNIA
Type: Patch, Vendor Advisory
26187

Source: CCN
Type: SECTRACK ID: 1018452
Sun Java System Application Server Discloses JSP Source Code to Remote Users

Source: SUNALERT
Type: Patch
103000

Source: SUNALERT
Type: UNKNOWN
201537

Source: CCN
Type: Sun Alert ID: 103000
JSP Source Code Exposure Issue on Windows Platform Affects Sun Java System Application Server

Source: CCN
Type: OSVDB ID: 37250
Sun Java System (SJS) Application Server on Windows Unspecified JSP Source Disclosure

Source: BID
Type: UNKNOWN
25058

Source: CCN
Type: BID-25058
Sun Java System Application Server JSP Source Code Disclosure Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018452

Source: VUPEN
Type: UNKNOWN
ADV-2007-2647

Source: XF
Type: UNKNOWN
sunjava-windows-source-disclosure(35579)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.1:*:platform:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.1:ur1:platform:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.2:*:enterprise:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.2:*:platform:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:9.0:*:platform:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:sun:java_system_application_server:8.2::platform:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:9.0::platform:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.1::enterprise:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.2::enterprise:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:8.1::platform:*:*:*:*:*
