Vulnerability Name:

CVE-2008-3683 (CCN-44413)

Assigned:2008-08-12
Published:2008-08-12
Updated:2017-08-08
Summary:Unspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service (failure to accept connections) via unknown vectors, probably related to exhaustion of file descriptors.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2008-3683

Source: CCN
Type: SA31476
Sun Java System Web Proxy Server FTP Subsystem Denial of Service

Source: SECUNIA
Type: Patch, Vendor Advisory
31476

Source: CCN
Type: SECTRACK ID: 1020696
Sun Java Web Proxy Server FTP Subsystem Bug Lets Remote Users Deny Service

Source: SUNALERT
Type: Patch
240327

Source: CCN
Type: Sun Alert ID: 240327
A Security Vulnerability in the ftp Subsystem of Sun Java System Web Proxy Server 4.0 May Lead to a Denial of Service (DoS)

Source: CCN
Type: OSVDB ID: 47425
Sun Java System Web Proxy Server FTP Subsystem Unspecified Remote DoS

Source: BID
Type: Patch
30671

Source: CCN
Type: BID-30671
Sun Java System Web Proxy Server FTP Subsystem Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1020696

Source: VUPEN
Type: UNKNOWN
ADV-2008-2366

Source: XF
Type: UNKNOWN
sun-webproxy-ftp-dos(44413)

Source: XF
Type: UNKNOWN
sun-webproxy-ftp-dos(44413)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sun:java_system_web_proxy_server:4:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4:sp5:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.1:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.1:sp5:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.2:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.2:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.2:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.2:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.2:sp5:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.3:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.3:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.3:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.3:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.3:sp5:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.4:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.4:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.4:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.4:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.4:sp5:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.5:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.5:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.5:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.5:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.5:sp5:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.2:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.3:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.4:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.5:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.1:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.1:sp5:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.2:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.2:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.2:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.2:sp5:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.3:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.3:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.3:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.3:sp5:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.4:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.4:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.4:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.4:sp5:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.5:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.5:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.5:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_proxy_server:4.0.5:sp5:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10.0::sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sun java system web proxy server 4 sp1
    sun java system web proxy server 4 sp2
    sun java system web proxy server 4 sp3
    sun java system web proxy server 4 sp4
    sun java system web proxy server 4 sp5
    sun java system web proxy server 4.0.1 sp1
    sun java system web proxy server 4.0.1 sp2
    sun java system web proxy server 4.0.1 sp3
    sun java system web proxy server 4.0.1 sp4
    sun java system web proxy server 4.0.1 sp5
    sun java system web proxy server 4.0.2 sp1
    sun java system web proxy server 4.0.2 sp2
    sun java system web proxy server 4.0.2 sp3
    sun java system web proxy server 4.0.2 sp4
    sun java system web proxy server 4.0.2 sp5
    sun java system web proxy server 4.0.3 sp1
    sun java system web proxy server 4.0.3 sp2
    sun java system web proxy server 4.0.3 sp3
    sun java system web proxy server 4.0.3 sp4
    sun java system web proxy server 4.0.3 sp5
    sun java system web proxy server 4.0.4 sp1
    sun java system web proxy server 4.0.4 sp2
    sun java system web proxy server 4.0.4 sp3
    sun java system web proxy server 4.0.4 sp4
    sun java system web proxy server 4.0.4 sp5
    sun java system web proxy server 4.0.5 sp1
    sun java system web proxy server 4.0.5 sp2
    sun java system web proxy server 4.0.5 sp3
    sun java system web proxy server 4.0.5 sp4
    sun java system web proxy server 4.0.5 sp5
    sun java system web proxy server 4.0
    sun java system web proxy server 4.0 sp1
    sun java system web proxy server 4.0.1 sp1
    sun java system web proxy server 4.0.2 sp1
    sun java system web proxy server 4.0.3 sp1
    sun java system web proxy server 4.0.4 sp1
    sun java system web proxy server 4.0.5 sp1
    sun java system web proxy server 4.0.1 sp2
    sun java system web proxy server 4.0.1 sp4
    sun java system web proxy server 4.0.1 sp3
    sun java system web proxy server 4.0.1 sp5
    sun java system web proxy server 4.0.2 sp2
    sun java system web proxy server 4.0.2 sp3
    sun java system web proxy server 4.0.2 sp4
    sun java system web proxy server 4.0.2 sp5
    sun java system web proxy server 4.0.3 sp2
    sun java system web proxy server 4.0.3 sp3
    sun java system web proxy server 4.0.3 sp4
    sun java system web proxy server 4.0.3 sp5
    sun java system web proxy server 4.0.4 sp2
    sun java system web proxy server 4.0.4 sp3
    sun java system web proxy server 4.0.4 sp4
    sun java system web proxy server 4.0.4 sp5
    sun java system web proxy server 4.0.5 sp2
    sun java system web proxy server 4.0.5 sp3
    sun java system web proxy server 4.0.5 sp4
    sun java system web proxy server 4.0.5 sp5
    sun solaris
    sun solaris 10.0