Vulnerability CVE-2008-3425
Published: 2008-07-31   Modified: 2012-02-12

Description:
Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors.

Type:

CWE-287

 (Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
SUN -> Java system web server plugin 
SUN -> N1 service provisioning system 

 References:
http://xforce.iss.net/xforce/xfdb/44114
http://www.vupen.com/english/advisories/2008/2261/references
http://www.securitytracker.com/id?1020608
http://www.securityfocus.com/bid/30451
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239566-1
http://secunia.com/advisories/31301
Copyright 2024, cxsecurity.com

 

Back to Top