ID

VAR-200405-0069


TITLE

Sun Java System Application Server Remote Installation Path Disclosure Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2004-1525 // BID: 10424

DESCRIPTION

Sun Java System Application Server is an application server that is compatible with the J2EE platform. The Java System Application Server does not properly filter user-submitted requests, and a remote attacker can exploit this vulnerability to obtain installation path information for the server. Submitting a request similar to the following to Sun-Java-App-Server PE 8.0: http://127.0.0.1:8080////http://127.0.0.1:8080////CON causes the server to return an error message containing the installation path. Attackers can use this information to further attack the system. This issue is due to a failure of the application to properly filter user requests. Successful exploitation of this issue may allow an attacker to gain sensitive information about the file system that may aid in launching more direct attacks against the system.

Trust: 0.81

sources: CNVD: CNVD-2004-1525 // BID: 10424

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2004-1525

AFFECTED PRODUCTS

vendor: no, model: -, scope: -, version: -

Trust: 0.6

vendor: sun, model: java system application server platform edition, scope: eq, version: 8.0

Trust: 0.3

vendor: sun, model: java system application server standard edition, scope: eq, version: 7.0

Trust: 0.3

vendor: sun, model: java system application server platform edition, scope: eq, version: 7.0

Trust: 0.3

vendor: sun, model: java system application server enterprise edition, scope: eq, version: 7.0

Trust: 0.3

sources: CNVD: CNVD-2004-1525 // BID: 10424

CVSS

SEVERITY

CNVD: CNVD-2004-1525
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2004-1525
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

-

sources: CNVD: CNVD-2004-1525

THREAT TYPE

network

Trust: 0.3

sources: BID: 10424

TYPE

Design Error

Trust: 0.3

sources: BID: 10424

EXTERNAL IDS

db: BID, id: 10424

Trust: 0.9

db: CNVD, id: CNVD-2004-1525

Trust: 0.6

sources: CNVD: CNVD-2004-1525 // BID: 10424

REFERENCES

url:http://marc.theaimsgroup.com/?l=bugtraq&m=108568673231788&w=2

Trust: 0.6

url:http://www.sun.com/software/products/appsrvr/home_appsrvr.html

Trust: 0.3

url:/archive/1/364471

Trust: 0.3

sources: CNVD: CNVD-2004-1525 // BID: 10424

CREDITS

Discovery of this vulnerability is credited to Marc Schoenefeld <schonef@uni-muenster.de>.

Trust: 0.3

sources: BID: 10424

SOURCES

db: CNVD, id: CNVD-2004-1525
db: BID, id: 10424

LAST UPDATE DATE

2022-05-17T01:52:12.238000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2004-1525, date: 2014-01-22T00:00:00
db: BID, id: 10424, date: 2004-05-27T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2004-1525, date: 2004-05-27T00:00:00
db: BID, id: 10424, date: 2004-05-27T00:00:00