Details of VAR-200511-0479

ID

VAR-200511-0479

CVE

CVE-2005-3472

TITLE

Sun Java System Communications Express Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 15271 // CNNVD: CNNVD-200511-094

DESCRIPTION

Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files. A remote attacker may obtain application configuration files. SOLUTION: Apply patches. -- SPARC Platform (Solaris 8, 9 and 10) -- Apply patch 118540-21 or later. -- x86 Platform (Solaris 8, 9 and 10) -- Apply patch 118541-21 or later. -- Linux Platform -- Apply patch 118542-21 or later. PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.26

sources: NVD: CVE-2005-3472 // BID: 15271 // PACKETSTORM: 41189

AFFECTED PRODUCTS

vendor:	sun	model:	java system communications express	scope:	eq	version:	2005q1	Trust: 1.6
vendor:	sun	model:	java system communications express	scope:	eq	version:	2004q2	Trust: 1.6
vendor:	sun	model:	java system communications express 2005q1	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	java system communications express 2004q2	scope:	-	version:	-	Trust: 0.3

sources: BID: 15271 // CNNVD: CNNVD-200511-094 // NVD: CVE-2005-3472

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-3472
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200511-094
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2005-3472
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200511-094 // NVD: CVE-2005-3472

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-3472

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200511-094

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200511-094

EXTERNAL IDS

db:	BID	id:	15271	Trust: 1.9
db:	SECUNIA	id:	17395	Trust: 1.7
db:	OSVDB	id:	20448	Trust: 1.6
db:	VUPEN	id:	ADV-2005-2274	Trust: 1.6
db:	SECTRACK	id:	1015135	Trust: 1.6
db:	NVD	id:	CVE-2005-3472	Trust: 1.6
db:	SUNALERT	id:	101948	Trust: 0.6
db:	CNNVD	id:	CNNVD-200511-094	Trust: 0.6
db:	PACKETSTORM	id:	41189	Trust: 0.1

sources: BID: 15271 // PACKETSTORM: 41189 // CNNVD: CNNVD-200511-094 // NVD: CVE-2005-3472

REFERENCES

url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1	Trust: 2.0
url:	http://secunia.com/advisories/17395	Trust: 1.6
url:	http://www.securityfocus.com/bid/15271	Trust: 1.6
url:	http://www.osvdb.org/20448	Trust: 1.6
url:	http://securitytracker.com/id?1015135	Trust: 1.6
url:	http://www.vupen.com/english/advisories/2005/2274	Trust: 1.0
url:	http://www.frsirt.com/english/advisories/2005/2274	Trust: 0.6
url:	http://secunia.com/advisories/17395/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/6026/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: BID: 15271 // PACKETSTORM: 41189 // CNNVD: CNNVD-200511-094 // NVD: CVE-2005-3472

CREDITS

This issue was reported by Sun.

Trust: 0.9

sources: BID: 15271 // CNNVD: CNNVD-200511-094

SOURCES

db:	BID	id:	15271
db:	PACKETSTORM	id:	41189
db:	CNNVD	id:	CNNVD-200511-094
db:	NVD	id:	CVE-2005-3472

LAST UPDATE DATE

2024-08-14T15:45:37.418000+00:00

SOURCES UPDATE DATE

db:	BID	id:	15271	date:	2005-11-02T00:00:00
db:	CNNVD	id:	CNNVD-200511-094	date:	2005-11-03T00:00:00
db:	NVD	id:	CVE-2005-3472	date:	2011-03-08T02:26:34.407

SOURCES RELEASE DATE

db:	BID	id:	15271	date:	2005-11-02T00:00:00
db:	PACKETSTORM	id:	41189	date:	2005-11-03T01:02:14
db:	CNNVD	id:	CNNVD-200511-094	date:	2005-11-02T00:00:00
db:	NVD	id:	CVE-2005-3472	date:	2005-11-03T02:02:00