CVE-2008-1286

Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/29290	Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1	Patch
http://www.securityfocus.com/bid/28155	Patch
http://www.securitytracker.com/id?1019574
http://www.vupen.com/english/advisories/2008/0806/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41069
http://secunia.com/advisories/29290	Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1	Patch
http://www.securityfocus.com/bid/28155	Patch
http://www.securitytracker.com/id?1019574
http://www.vupen.com/english/advisories/2008/0806/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41069

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:sun:solaris:8::sparc:::::
	cpe:2.3:o:sun:solaris:8::x86:::::
	cpe:2.3:o:sun:solaris:9::sparc:::::
	cpe:2.3:o:sun:solaris:9::x86:::::
	cpe:2.3:o:sun:solaris:10::sparc:::::
	cpe:2.3:o:sun:solaris:10::x86:::::

OR	cpe:2.3:a:sun:java_web_console:3.0.2:::::::*
	cpe:2.3:a:sun:java_web_console:3.0.3:::::::*
	cpe:2.3:a:sun:java_web_console:3.0.4:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*

History

21 Nov 2024, 00:44

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/29290 - Vendor Advisory~~	() http://secunia.com/advisories/29290 - Vendor Advisory
References	~~() http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1 - Patch~~	() http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1 - Patch
References	~~() http://www.securityfocus.com/bid/28155 - Patch~~	() http://www.securityfocus.com/bid/28155 - Patch
References	~~() http://www.securitytracker.com/id?1019574 -~~	() http://www.securitytracker.com/id?1019574 -
References	~~() http://www.vupen.com/english/advisories/2008/0806/references -~~	() http://www.vupen.com/english/advisories/2008/0806/references -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/41069 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/41069 -

Information

Published : 2008-03-11 17:44

Updated : 2025-04-09 00:30

NVD link : CVE-2008-1286

Mitre link : CVE-2008-1286

CVE.ORG link : CVE-2008-1286

JSON object : View

Products Affected

sun

solaris
java_web_console

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2008-1286", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-03-11T17:44:00.000", "references": [{"url": "http://secunia.com/advisories/29290", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28155", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019574", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0806/references", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29290", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/28155", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1019574", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/0806/references", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Sun Java Web Console 3.0.2, 3.0.3 y 3.0.4 permite a atacantes remotos evitar las restricciones de acceso planeadas y determinar la existencia de ficheros o directorios mediante vectores desconocidos."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sun:solaris:8:*:sparc:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6DBDFD8C-371E-42D2-9635-D8CDD1775984"}, {"criteria": "cpe:2.3:o:sun:solaris:8:*:x86:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2F84D4E-EFE1-4A4F-BB58-E665A9C307A0"}, {"criteria": "cpe:2.3:o:sun:solaris:9:*:sparc:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "14CFA6D3-A611-4DF0-97AB-C30B79833DFA"}, {"criteria": "cpe:2.3:o:sun:solaris:9:*:x86:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F2F5901D-AB91-4F12-BF08-0BC3797833E8"}, {"criteria": "cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7FBA68F0-4577-46F5-A754-D365B6EFF872"}, {"criteria": "cpe:2.3:o:sun:solaris:10:*:x86:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E79CFAA6-A08A-4C70-A3D9-B02C29A17FF2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E0D3747-9ACD-40F4-9433-823489249416"}, {"criteria": "cpe:2.3:a:sun:java_web_console:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD7786C0-4367-4224-BDA9-C5A0F466A6EF"}, {"criteria": "cpe:2.3:a:sun:java_web_console:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C77A7094-D272-4A30-B79A-FE9D0301FA88"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E0D3747-9ACD-40F4-9433-823489249416"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

7.8 /10