CVE-2008-1286

Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/29290	Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1	Patch
http://www.securityfocus.com/bid/28155	Patch
http://www.securitytracker.com/id?1019574
http://www.vupen.com/english/advisories/2008/0806/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41069

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:sun:solaris:8::sparc:::::
	cpe:2.3:o:sun:solaris:8::x86:::::
	cpe:2.3:o:sun:solaris:9::sparc:::::
	cpe:2.3:o:sun:solaris:9::x86:::::
	cpe:2.3:o:sun:solaris:10::sparc:::::
	cpe:2.3:o:sun:solaris:10::x86:::::

OR	cpe:2.3:a:sun:java_web_console:3.0.2:::::::*
	cpe:2.3:a:sun:java_web_console:3.0.3:::::::*
	cpe:2.3:a:sun:java_web_console:3.0.4:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-03-11 17:44

Updated : 2024-02-04 17:13

NVD link : CVE-2008-1286

Mitre link : CVE-2008-1286

CVE.ORG link : CVE-2008-1286

JSON object : View

Products Affected

sun

java_web_console
solaris

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2008-1286", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-03-11T17:44:00.000", "references": [{"url": "http://secunia.com/advisories/29290", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28155", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019574", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0806/references", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41069", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Sun Java Web Console 3.0.2, 3.0.3 y 3.0.4 permite a atacantes remotos evitar las restricciones de acceso planeadas y determinar la existencia de ficheros o directorios mediante vectores desconocidos."}], "lastModified": "2017-08-08T01:30:02.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sun:solaris:8:*:sparc:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6DBDFD8C-371E-42D2-9635-D8CDD1775984"}, {"criteria": "cpe:2.3:o:sun:solaris:8:*:x86:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2F84D4E-EFE1-4A4F-BB58-E665A9C307A0"}, {"criteria": "cpe:2.3:o:sun:solaris:9:*:sparc:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "14CFA6D3-A611-4DF0-97AB-C30B79833DFA"}, {"criteria": "cpe:2.3:o:sun:solaris:9:*:x86:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F2F5901D-AB91-4F12-BF08-0BC3797833E8"}, {"criteria": "cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7FBA68F0-4577-46F5-A754-D365B6EFF872"}, {"criteria": "cpe:2.3:o:sun:solaris:10:*:x86:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E79CFAA6-A08A-4C70-A3D9-B02C29A17FF2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E0D3747-9ACD-40F4-9433-823489249416"}, {"criteria": "cpe:2.3:a:sun:java_web_console:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD7786C0-4367-4224-BDA9-C5A0F466A6EF"}, {"criteria": "cpe:2.3:a:sun:java_web_console:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C77A7094-D272-4A30-B79A-FE9D0301FA88"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_web_console:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E0D3747-9ACD-40F4-9433-823489249416"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}